Preface



Number theory is concerned with properties of the integers: 

...,-4,-3,-2,-1,0,1,2,3,4,.... 

The great mathematician Carl Friedrich Gauss called this subject arithmetic 
and of it he said: 

"Mathematics is the queen of sciences and arithmetic the queen of
mathematics."

At first blush one might think that of all areas of mathematics certainly 
arithmetic should be the simplest, but it is a surprisingly deep subject. 

We assume that students have some familiarity with basic set theory, and 
calculus. But very little of this nature will be needed. To a great extent the 
book is self-contained. It requires only a certain amount of mathematical 
maturity. And, hopefully, the student's level of mathematical maturity will 
increase as the course progresses. 

Before the course is over students will be introduced to the symbolic 
programming language Maple which is an excellent tool for exploring number 
theoretic questions. 

If you wish to see other books on number theory, take a look in the QA 241 
area of the stacks in our library. One may also obtain much interesting and 
current information about number theory from the internet. See particularly 
the websites listed in the Bibliography. The websites by Chris Caldwell [2] 
and by Eric Weisstein [11] are especially recommended. To see what is going 
on at the frontier of the subject, you may take a look at some recent issues 
of the Journal of Number Theory which you will find in our library. 



Here are some examples of outstanding unsolved problems in number theory.
Some of these will be discussed in this course. A solution to any one
of these problems would make you quite famous (at least among mathematicians).
Many of these problems concern prime numbers. A prime number is
an integer greater than 1 whose only positive factors are 1 and the integer
itself.



1. (Goldbach's Conjecture) Every even integer n > 2 is the sum of two 
primes. 

2. (Twin Prime Conjecture) There are infinitely many twin primes. [If p 
and p + 2 are primes we say that p and p + 2 are twin primes.] 

3. Are there infinitely many primes of the form $n^2 + 1$?

4. Are there infinitely many primes of the form $2^n - 1$? Primes of this
form are called Mersenne primes.

5. Are there infinitely many primes of the form $2^{2^n} + 1$? Primes of this
form are called Fermat primes.

6. (3n+1 Conjecture) Consider the function $f$ defined for positive integers
$n$ as follows: $f(n) = 3n + 1$ if $n$ is odd and $f(n) = n/2$ if $n$ is even. The
conjecture is that the sequence $f(n), f(f(n)), f(f(f(n))), \ldots$ always
contains 1 no matter what the starting value of $n$ is.

7. Are there infinitely many primes whose digits in base 10 are all ones? 
Numbers whose digits are all ones are called repunits. 

8. Are there infinitely many perfect numbers? [An integer is perfect if it 
is the sum of its proper divisors.] 

9. Is there a fast algorithm for factoring large integers? [A truly fast
algorithm for factoring would have important implications for cryptography
and data security.]
Famous Quotations Related to Number Theory

Two quotations from G. H. Hardy: 

In the first quotation Hardy is speaking of the famous Indian mathematician
Ramanujan. This is the source of the often made statement that
Ramanujan knew each integer personally.

I remember once going to see him when he was lying ill at Putney.
I had ridden in taxi cab number 1729 and remarked that the
number seemed to me rather a dull one, and that I hoped it
was not an unfavorable omen. "No," he replied, "it is a very
interesting number; it is the smallest number expressible as the
sum of two cubes in two different ways."

Pure mathematics is on the whole distinctly more useful than applied.
For what is useful above all is technique, and mathematical
technique is taught mainly through pure mathematics.

Two quotations by Leopold Kronecker:

God has made the integers, all the rest is the work of man.

The original quotation in German was Die ganze Zahl schuf der liebe Gott,
alles Übrige ist Menschenwerk. More literally, the translation is "The whole
number, created the dear God, everything else is man's work." Note in
particular that Zahl is German for number. This is the reason that today we
use $\mathbb{Z}$ for the set of integers.

Number theorists are like lotus-eaters - having once tasted of this 
food they can never give it up. 

A quotation by contemporary number theorist William Stein: 

A computer is to a number theorist, like a telescope is to an 
astronomer. It would be a shame to teach an astronomy class 
without touching a telescope; likewise, it would be a shame to 
teach this class without telling you how to look at the integers 
through the lens of a computer. 
Chapter 1

Basic Axioms for Z 



Since number theory is concerned with properties of the integers, we begin by 
setting up some notation and reviewing some basic properties of the integers 
that will be needed later: 

$\mathbb{N} = \{1, 2, 3, \ldots\}$ (the natural numbers or positive integers)

$\mathbb{Z} = \{\ldots, -3, -2, -1, 0, 1, 2, 3, \ldots\}$ (the integers)

$\mathbb{Q} = \{\, n/m \mid n, m \in \mathbb{Z} \text{ and } m \neq 0 \,\}$ (the rational numbers)

$\mathbb{R}$ = the real numbers

Note that $\mathbb{N} \subset \mathbb{Z} \subset \mathbb{Q} \subset \mathbb{R}$. I assume a knowledge of the basic rules of high
school algebra which apply to $\mathbb{R}$ and therefore to $\mathbb{N}$, $\mathbb{Z}$ and $\mathbb{Q}$. By this I
mean things like $ab = ba$ and $ab + ac = a(b + c)$. I will not list all of these
properties here. However, below I list some particularly important properties 
of Z that will be needed. I call them axioms since we will not prove them in 
this course. 

Some Basic Axioms for Z 

1. If $a, b \in \mathbb{Z}$, then $a + b$, $a - b$ and $ab \in \mathbb{Z}$. ($\mathbb{Z}$ is closed under addition,
subtraction and multiplication.)

2. If $a \in \mathbb{Z}$ then there is no $x \in \mathbb{Z}$ such that $a < x < a + 1$.

3. If $a, b \in \mathbb{Z}$ and $ab = 1$, then either $a = b = 1$ or $a = b = -1$.

4. Laws of Exponents: For $n, m$ in $\mathbb{N}$ and $a, b$ in $\mathbb{R}$ we have

(a) $(a^n)^m = a^{nm}$

(b) $(ab)^n = a^n b^n$

(c) $a^n a^m = a^{n+m}$.

These rules hold for all $n, m \in \mathbb{Z}$ if $a$ and $b$ are not zero.

5. Properties of Inequalities: For $a, b, c$ in $\mathbb{R}$ the following hold:

(a) (Transitivity) If $a < b$ and $b < c$, then $a < c$.

(b) If $a < b$ then $a + c < b + c$.

(c) If $a < b$ and $0 < c$ then $ac < bc$.

(d) If $a < b$ and $c < 0$ then $bc < ac$.

(e) (Trichotomy) Given $a$ and $b$, one and only one of the following
holds:

$a = b$, $a < b$, $b < a$.

6. The Well-Ordering Property for N: Every non-empty subset of N 
contains a least element. 

7. The Principle of Mathematical Induction: Let $P(n)$ be a statement
concerning the integer variable $n$. Let $n_0$ be any fixed integer.
$P(n)$ is true for all integers $n \geq n_0$ if one can establish both of the
following statements:

(a) $P(n)$ is true if $n = n_0$.

(b) Whenever $P(n)$ is true for $n_0 \leq n \leq k$ then $P(n)$ is true for
$n = k + 1$.

We use the usual conventions: 

1. $a \leq b$ means $a < b$ or $a = b$,

2. $a > b$ means $b < a$, and

3. $a \geq b$ means $b \leq a$.



Important Convention. Since in this course we will be almost exclusively
concerned with integers we shall assume from now on (unless otherwise
stated) that all lower case roman letters $a, b, \ldots, z$ are integers.



Chapter 2 

Proof by Induction 



In this section, I list a number of statements that can be proved by use of 
The Principle of Mathematical Induction. I will refer to this principle as 
PMI or, simply, induction. A sample proof is given below. The rest will be 
given in class hopefully by students. 

A sample proof using induction: I will give two versions of this proof. 
In the first proof I explain in detail how one uses the PMI. The second proof 
is less pedagogical and is the type of proof I expect students to construct. I 
call the statement I want to prove a proposition. It might also be called a 
theorem, lemma or corollary depending on the situation. 

Proposition 2.1. If $n \geq 5$ then $2^n > 5n$.

Proof #1. Here we use The Principle of Mathematical Induction. Note that
PMI has two parts which we denote by PMI (a) and PMI (b).

We let $P(n)$ be the statement $2^n > 5n$. For $n_0$ we take 5. We could write
simply:

$P(n) = 2^n > 5n$ and $n_0 = 5$.

Note that $P(n)$ represents a statement, usually an inequality or an equation
but sometimes a more complicated assertion. Now if $n = 4$ then $P(n)$ becomes
the statement $2^4 > 5 \cdot 4$ which is false! But if $n = 5$, $P(n)$ is the
statement $2^5 > 5 \cdot 5$ or $32 > 25$ which is true and we have established PMI
(a).



Now to prove PMI (b) we begin by assuming that

$P(n)$ is true for $5 \leq n \leq k$.

That is, we assume

(2.1) $2^n > 5n$ for $5 \leq n \leq k$.

The assumption (2.1) is called the induction hypothesis. We want to
use it to prove that $P(n)$ holds when $n = k + 1$. So here's what we do. By
(2.1) letting $n = k$ we have

$2^k > 5k$.

Multiply both sides by two and we get

(2.2) $2^{k+1} > 10k$.

Note that we are trying to prove $2^{k+1} > 5(k + 1)$. Now $5(k + 1) = 5k + 5$ so
if we can show $10k \geq 5k + 5$ we can use (2.2) to complete the proof.

Now $10k = 5k + 5k$ and $k \geq 5$ by (2.1) so $k \geq 1$ and hence $5k \geq 5$.
Therefore

$10k = 5k + 5k \geq 5k + 5 = 5(k + 1)$.

Thus

$2^{k+1} > 10k \geq 5(k + 1)$

so

(2.3) $2^{k+1} > 5(k + 1)$,

that is, $P(n)$ holds when $n = k + 1$. So assuming the induction hypothesis
(2.1) we have proved (2.3). Thus we have established PMI (b).

We have established that parts (a) and (b) of PMI hold for this particular
$P(n)$ and $n_0$. So the PMI tells us that $P(n)$ holds for $n \geq 5$. That is, $2^n > 5n$
holds for $n \geq 5$. □

I now give a more streamlined proof.

Proposition 2.2. If $n \geq 5$ then $2^n > 5n$.

Proof #2. We prove the proposition by induction on the variable $n$.

If $n = 5$ we have $2^5 > 5 \cdot 5$ or $32 > 25$ which is true.

Assume

$2^n > 5n$ for $5 \leq n \leq k$ (the induction hypothesis).

Taking $n = k$ we have

$2^k > 5k$.

Multiplying both sides by 2 gives

$2^{k+1} > 10k$.

Now $10k = 5k + 5k$ and $k \geq 5$ so $k \geq 1$ and therefore $5k \geq 5$. Hence

$10k = 5k + 5k \geq 5k + 5 = 5(k + 1)$.

It follows that

$2^{k+1} > 10k \geq 5(k + 1)$

and therefore

$2^{k+1} > 5(k + 1)$.

Hence by PMI we conclude that $2^n > 5n$ for $n \geq 5$. □

The 8 major parts of a proof by induction:

1. First state what proposition you are going to prove. Precede the statement
by Proposition, Theorem, Lemma, Corollary, Fact, or To Prove:.

2. Write the Proof or Pf. at the very beginning of your proof.

3. Say that you are going to use induction (some proofs do not use induction!)
and if it is not obvious from the statement of the proposition
identify clearly $P(n)$, the statement to be proved, the variable $n$ and
the starting value $n_0$. Even though this is usually clear, sometimes
these things may not be obvious. And, of course, the variable need not
be $n$. It could be represented in many different ways.

4. Prove that $P(n)$ holds when $n = n_0$.

5. Assume that $P(n)$ holds for $n_0 \leq n \leq k$. This assumption will be
referred to as the induction hypothesis.

6. Use the induction hypothesis and anything else that is known to be
true to prove that $P(n)$ holds when $n = k + 1$.

7. Conclude that since the conditions of the PMI have been met then
$P(n)$ holds for $n \geq n_0$.

8. Write QED or ■ or // or something to indicate that you have completed
your proof.

Exercise 2.1. Prove that $2^n > 6n$ for $n \geq 5$.

Exercise 2.2. Prove that $1 + 2 + \cdots + n = \frac{n(n + 1)}{2}$ for $n \geq 1$.

Exercise 2.3. Prove that if $0 < a < b$ then $0 < a^n < b^n$ for all $n \in \mathbb{N}$.

Exercise 2.4. Prove that $n! < n^n$ for $n \geq 2$.

Exercise 2.5. Prove that if $a$ and $r$ are real numbers and $r \neq 1$, then for
$n \geq 1$

$$a + ar + ar^2 + \cdots + ar^n = \frac{a(r^{n+1} - 1)}{r - 1}.$$

This can be written as follows

$$a(r^{n+1} - 1) = (r - 1)(a + ar + ar^2 + \cdots + ar^n).$$

An important special case of which is

$$(r^{n+1} - 1) = (r - 1)(1 + r + r^2 + \cdots + r^n).$$

Exercise 2.6. Prove that $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$ for $n \geq 1$.

Exercise 2.7. Prove that $\underbrace{11 \cdots 1}_{n \text{ 1's}} = \frac{10^n - 1}{9}$ for $n \geq 1$.

Exercise 2.8. Prove that $1^2 + 2^2 + 3^2 + \cdots + n^2 = \frac{n(n + 1)(2n + 1)}{6}$ if $n \geq 1$.

Exercise 2.9. Prove that if $n \geq 12$ then $n$ can be written as a sum of 4's
and 5's. For example, $23 = 5 + 5 + 5 + 4 + 4 = 3 \cdot 5 + 2 \cdot 4$. [Hint. In this
case it will help to do the cases $n = 12, 13, 14,$ and $15$ separately. Then use
induction to handle $n \geq 16$.]

Exercise 2.10. (a) For $n \geq 1$, the triangular number $t_n$ is the number of
dots in a triangular array that has $n$ rows with $i$ dots in the $i$-th row. Find
a formula for $t_n$, $n \geq 1$. (b) For each $n \geq 1$, let $s_n$ be the
number of dots in a square array that has $n$ rows with $n$ dots in each row.
Find a formula for $s_n$. The numbers $s_n$ are usually called squares.

Exercise 2.11. Find the first 10 triangular numbers and the first 10 squares.
Which of the triangular numbers in your list are also squares? Can you find
the next triangular number which is a square?

Exercise 2.12. Some propositions that can be proved by induction can also
be proved without induction. Prove Exercises 2.2 and 2.5 without induction.
[Hints: For 2.2 write $s = 1 + 2 + \cdots + (n - 1) + n$. Directly under this equation
write $s = n + (n - 1) + \cdots + 2 + 1$. Add these equations to obtain $2s = n(n + 1)$.
Solve for $s$. For Exercise 2.5 write $p = a + ar + ar^2 + \cdots + ar^n$. Then multiply
both sides of this equation by $r$ to get a new equation with $rp$ as the left hand
side. Subtract these two equations to obtain $pr - p = ar^{n+1} - a$. Now solve
for $p$.]

Chapter 3

Elementary Divisibility Properties



Definition 3.1. $d \mid n$ means there is an integer $k$ such that $n = dk$. $d \nmid n$
means that $d \mid n$ is false.

Note that $a \mid b \neq a/b$. Recall that $a/b$ represents the fraction $\frac{a}{b}$.
The expression $d \mid n$ may be read in any of the following ways:

1. d divides n. 

2. d is a divisor of n. 

3. d is a factor of n. 

4. n is a multiple of d. 

Thus, the following five statements are equivalent, that is, they are all 
different ways of saying the same thing. 

1. 2 | 6. 

2. 2 divides 6. 

3. 2 is a divisor of 6. 

4. 2 is a factor of 6. 

5. 6 is a multiple of 2. 

Definitions will play an important role in this course. Students should learn
all definitions and be able to state them precisely. An alternative way to
state the definition of $d \mid n$ is as follows.



or maybe

Definition 3.3. $d \mid n$ iff $n = dk$ for some $k$.

Keep in mind that we are assuming that all letters $a, b, \ldots, z$ represent integers.
Otherwise we would have to add this fact to our definitions. One might
also see the following definition sometimes.

Definition 3.4. $d \mid n$ if $n = dk$ for some $k$.

Note that $\iff$, iff, and if and only if all mean the same thing. In definitions
such as Definition 3.4 if is interpreted to mean if and only if. It should be
emphasized that all the above definitions are acceptable. Take your pick.
But be careful about making up your own definitions.

Theorem 3.1 (Divisibility Properties). If $n$, $m$, and $d$ are integers then
the following statements hold:

1. $n \mid n$ (everything divides itself)

2. $d \mid n$ and $n \mid m \implies d \mid m$ (transitivity)

3. $d \mid n$ and $d \mid m \implies d \mid an + bm$ for all $a$ and $b$ (linearity property)

4. $d \mid n \implies ad \mid an$ (multiplication property)

5. $ad \mid an$ and $a \neq 0 \implies d \mid n$ (cancellation property)

6. $1 \mid n$ (one divides everything)

7. $n \mid 1 \implies n = \pm 1$ (1 and $-1$ are the only divisors of 1.)

8. $d \mid 0$ (everything divides zero)

9. $0 \mid n \implies n = 0$ (zero divides only zero)

10. If $d$ and $n$ are positive and $d \mid n$ then $d \leq n$ (comparison property)

Exercise 3.1. Prove each of the properties 1 through 10 in Theorem 3.1.

Definition 3.5. If $c = as + bt$ for some integers $s$ and $t$ we say that $c$ is a
linear combination of $a$ and $b$.

Thus, statement 3 in Theorem 3.1 says that if $d$ divides $a$ and $b$, then $d$
divides all linear combinations of $a$ and $b$. In particular, $d$ divides $a + b$ and
$a - b$. This will turn out to be a useful fact.

Exercise 3.2. Prove that if $d \mid a$ and $d \mid b$ then $d \mid a - b$.

Exercise 3.3. Prove that if $a \in \mathbb{Z}$ then the only positive divisor of both $a$
and $a + 1$ is 1.

Chapter 4

The Floor and Ceiling of a Real Number

Here we define the floor, a.k.a., the greatest integer, and the ceiling, a.k.a., 
the least integer, functions. Kenneth Iverson introduced this notation and 
the terms floor and ceiling in the early 1960s — according to Donald Knuth 
[6] who has done a lot to popularize the notation. Now this notation is 
standard in most areas of mathematics. 

Definition 4.1. If $x$ is any real number we define

$\lfloor x \rfloor$ = the greatest integer less than or equal to $x$

$\lceil x \rceil$ = the least integer greater than or equal to $x$

$\lfloor x \rfloor$ is called the floor of $x$ and $\lceil x \rceil$ is called the ceiling of $x$. The floor $\lfloor x \rfloor$ is
sometimes denoted $[x]$ and called the greatest integer function. But I prefer
the notation $\lfloor x \rfloor$. Here are a few simple examples:

1. $\lfloor 3.1 \rfloor = 3$ and $\lceil 3.1 \rceil = 4$

2. $\lfloor 3 \rfloor = 3$ and $\lceil 3 \rceil = 3$

3. $\lfloor -3.1 \rfloor = -4$ and $\lceil -3.1 \rceil = -3$

From now on we mostly concentrate on the floor $\lfloor x \rfloor$. For a more detailed
treatment of both the floor and ceiling see the book Concrete Mathematics [5].
According to the definition of $\lfloor x \rfloor$ we have

(4.1) $\lfloor x \rfloor = \max\{n \in \mathbb{Z} \mid n \leq x\}$

Note also that if $n$ is an integer we have:

(4.2) $n = \lfloor x \rfloor \iff n \leq x < n + 1$.

From this it is clear that

$\lfloor x \rfloor \leq x$ holds for all $x$,

and

$\lfloor x \rfloor = x \iff$

We need the following lemma to prove our next theorem.

Lemma 4.1. For all $x \in \mathbb{R}$

$x - 1 < \lfloor x \rfloor \leq x$.

Proof. Let $n = \lfloor x \rfloor$. Then by (4.2) we have $n \leq x < n + 1$. This gives
immediately that $\lfloor x \rfloor \leq x$, as already noted above. It also gives $x < n + 1$
which implies that $x - 1 < n$, that is, $x - 1 < \lfloor x \rfloor$. □

Exercise 4.1. Sketch the graph of the function $f(x) = \lfloor x \rfloor$ for $-3 \leq x \leq 3$.

Exercise 4.2. Find [vrj, [vr], [v^J, iV^l, L-^Ji ^1 > L~ V^J , and f-v^l- 

Definition 4.2. Recall that the decimal representation of a positive integer
$a$ is given by $a = a_{n-1} a_{n-2} \cdots a_1 a_0$ where

(4.3) $a = a_{n-1} 10^{n-1} + a_{n-2} 10^{n-2} + \cdots + a_1 10 + a_0$

and the digits $a_{n-1}, a_{n-2}, \ldots, a_1, a_0$ are in the set $\{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$ with
$a_{n-1} \neq 0$. In this case we say that the integer $a$ is an $n$ digit number or
that $a$ is $n$ digits long.

Exercise 4.3. Prove that $a \in \mathbb{N}$ is an $n$ digit number where $n = \lfloor \log(a) \rfloor + 1$.
Here log means logarithm to base 10. Hint: Show that if (4.3) holds with
$a_{n-1} \neq 0$ then $10^{n-1} \leq a < 10^n$. Then apply the log to all terms of this
inequality.

Exercise 4.4. Use the previous exercise to determine the number of digits
in the decimal representation of the number $2^{3321928}$. Recall that $\log(x^y) =
y \log(x)$ when $x$ and $y$ are positive.



Chapter 5 

The Division Algorithm 



The goal of this section is to prove the following important result. 

Theorem 5.1 (The Division Algorithm). If $a$ and $b$ are integers and
$b > 0$ then there exist unique integers $q$ and $r$ satisfying the two conditions:

(5.1) $a = bq + r$ and $0 \leq r < b$.

In this situation $q$ is called the quotient and $r$ is called the remainder
when $a$ is divided by $b$. Note that there are two parts to this result. One
part is the EXISTENCE of integers $q$ and $r$ satisfying (5.1) and the second
part is the UNIQUENESS of the integers $q$ and $r$ satisfying (5.1).



Proof. Given $b > 0$ and any $a$ define

$$q = \left\lfloor \frac{a}{b} \right\rfloor, \qquad r = a - bq.$$

Clearly we have $a = bq + r$. But we need to prove that $0 \leq r < b$. By
Lemma 4.1 we have

$$\frac{a}{b} - 1 < \left\lfloor \frac{a}{b} \right\rfloor \leq \frac{a}{b}.$$

Now multiply all terms of this inequality by $-b$. Since $b$ is positive, $-b$ is
negative so the direction of the inequality is reversed, giving us:

$$b - a > -b \left\lfloor \frac{a}{b} \right\rfloor \geq -a.$$

If we add $a$ to all sides of the inequality and replace $\lfloor a/b \rfloor$ by $q$ we obtain

$$b > a - bq \geq 0.$$

Since $r = a - bq$ this gives us the desired result $0 \leq r < b$.

We still have to prove that q and r are uniquely determined. To do this 
we assume that 

$a = bq_1 + r_1$ and $0 \leq r_1 < b$,

and

$a = bq_2 + r_2$ and $0 \leq r_2 < b$.

We must show that $r_1 = r_2$ and $q_1 = q_2$. If $r_1 \neq r_2$ without loss of generality
we can assume that $r_2 > r_1$. Subtracting these two equations we obtain

$0 = a - a = (bq_1 + r_1) - (bq_2 + r_2) = b(q_1 - q_2) + (r_1 - r_2)$.

This implies that

(5.2) $r_2 - r_1 = b(q_1 - q_2)$.

This implies that $b \mid r_2 - r_1$. By Theorem 3.1(10) this implies that $b \leq r_2 - r_1$.
But since

$0 \leq r_1 < r_2 < b$

we have $r_2 - r_1 < b$. This contradicts $b \leq r_2 - r_1$. So we must conclude that
$r_1 = r_2$. Now from (5.2) we have $0 = b(q_1 - q_2)$. Since $b > 0$ this tells us that
$q_1 - q_2 = 0$, that is, $q_1 = q_2$. This completes the proof of the uniqueness of $r$
and $q$ in (5.1). □

Definition 5.1. An integer $n$ is even if $n = 2k$ for some $k$, and is odd if
$n = 2k + 1$ for some $k$.

Exercise 5.1. Prove using the Division Algorithm that every integer is either
even or odd, but never both.

Definition 5.2. By the parity of an integer we mean whether it is even or
odd.

Exercise 5.2. Prove $n$ and $n^2$ always have the same parity. That is, $n$ is
even if and only if $n^2$ is even.

Exercise 5.3. Find the q and r of the Division Algorithm for the following
values of a and b: 

1. Let b = 3 and a = 0, 1, -1, 10, -10. 

2. Let b = 345 and a = 0, -1, 1, 344, 7863, -7863. 

Exercise 5.4. Devise a method for solving problems like those in the previous
exercise for large positive values of $a$ and $b$ using a calculator. Illustrate
by using $a = 123456$ and $b = 123$. Hint: If $a = bq + r$ and $0 \leq r < b$ then
$\frac{a}{b} = q + \frac{r}{b}$ and so $\frac{r}{b}$ is the fractional part of the decimal number $\frac{a}{b}$. So $q$ is
what you get when you drop the fractional part. Once you have $q$ you can
solve $a = bq + r$ for $r$.

Sometimes a problem in number theory can be solved by dividing the integers 
into various classes depending on their remainders when divided by some 
number b. For example, this is helpful in solving the following two problems. 

Exercise 5.5. Show that for all integers $n$ the number $n^3 - n$ always has 3
as a factor. (Consider the three cases: $n = 3k$, $n = 3k + 1$, $n = 3k + 2$.)

Exercise 5.6. Show that the product of any three consecutive integers has
6 as a factor. (How many cases should you use here?)

Definition 5.3. For $b > 0$ define $a \bmod b = r$ where $r$ is the remainder given
by the Division Algorithm when $a$ is divided by $b$, that is, $a = bq + r$ and
$0 \leq r < b$.

For example $23 \bmod 7 = 2$ since $23 = 7 \cdot 3 + 2$ and $-4 \bmod 5 = 1$ since
$-4 = 5 \cdot (-1) + 1$.

Note that some calculators and most programming languages have a function
often denoted by MOD(a, b) or mod(a, b) whose value is what we have
just defined as $a \bmod b$. When this is the case the values $r$ and $q$ in the
Division Algorithm for given $a$ and $b > 0$ are given by

$$r = a \bmod b, \qquad q = \frac{a - (a \bmod b)}{b}.$$

If also the floor function is available we have

$$r = a \bmod b, \qquad q = \lfloor a/b \rfloor.$$
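
The following Python sketch is an added example, not code from the original text. It computes $q$ and $r$ as in Theorem 5.1 and Exercise 5.10 and contrasts them with the truncating remainder that the `%` operator yields in C, Java, Go, Rust and JavaScript, which is negative for negative $a$ and so does not match Definition 5.3. The function names and the sample values $-17$ and $8$ are assumptions chosen for illustration.

```python
"""Division Algorithm (Theorem 5.1, Exercise 5.10) vs. a truncating remainder.

Added illustration; function names and sample values are assumptions.
"""


def division_algorithm(a: int, b: int) -> tuple[int, int]:
    """Return the unique (q, r) with a = b*q + r and 0 <= r < |b|, for b != 0."""
    if b == 0:
        raise ValueError("b must be nonzero")
    q, r = divmod(a, b)          # Python floors, so r takes the sign of b
    if r < 0:                    # can only happen when b < 0
        q, r = q + 1, r - b      # move r into [0, |b|) and compensate in q
    return q, r


def mod(a: int, b: int) -> int:
    """a mod b in the sense of Definition 5.3 (requires b > 0)."""
    if b <= 0:
        raise ValueError("Definition 5.3 requires b > 0")
    return division_algorithm(a, b)[1]


def truncated_divmod(a: int, b: int) -> tuple[int, int]:
    """Quotient rounded toward zero, as '/' and '%' behave in C-family languages."""
    if b == 0:
        raise ValueError("b must be nonzero")
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q          # remainder takes the sign of a


def c_style_mod(a: int, b: int) -> int:
    """Remainder of truncated division; may be negative."""
    return truncated_divmod(a, b)[1]


def page_formulas_agree(a: int, b: int) -> bool:
    """Check q = (a - (a mod b)) / b and q = floor(a / b) for b > 0."""
    q, r = division_algorithm(a, b)
    return (a - r) % b == 0 and q == (a - r) // b and q == a // b


def bucket(h: int, size: int, remainder=mod) -> int:
    """Slot for value h in a table of `size` slots.

    The result is a valid index only if it lies in range(size). With a
    truncating remainder a negative h gives a negative slot, which in a
    language without bounds checks addresses memory before the table.
    """
    return remainder(h, size)


if __name__ == "__main__":
    # Constructed sample inputs; (23, 7) and (-4, 5) are the text's examples.
    for a, b in [(23, 7), (-4, 5), (-17, 8), (7, -3)]:
        print(f"a={a:4d} b={b:3d}  Division Algorithm: {division_algorithm(a, b)}"
              f"  truncated: {truncated_divmod(a, b)}")
    print("slot with Definition 5.3:", bucket(-17, 8))
    print("slot with truncation:    ", bucket(-17, 8, c_style_mod))
```

When porting a formula that uses $a \bmod b$ to a language whose `%` truncates, the usual correction for $b > 0$ is `((a % b) + b) % b`.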

Exercise 5.7. Prove that if $b > 0$ then $b \mid a \iff a \bmod b = 0$.

Exercise 5.8. Prove that if $b \neq 0$ then $b \mid a \iff a/b \in \mathbb{Z}$.

Exercise 5.9. Calculate the following:

1. mod 10

2. 123 mod 10

3. 10 mod 123

4. 457 mod 33

5. (−7) mod 3

6. (−3) mod 7

7. (−5) mod 5



Exercise 5.10. Use the Division Algorithm to prove the following more
general version: If $b \neq 0$ then for any $a$ there exists unique $q$ and $r$ such that

(5.3) $a = bq + r$ and $0 \leq r < |b|$.

Hint: Recall that $|b|$ is $b$ if $b \geq 0$ and is $-b$ if $b < 0$. We know the statement
holds if $b > 0$ so we only need to consider the case when $b < 0$. If $b$ is
negative then $-b$ is positive, so we can apply the Division Algorithm to $a$ and
$-b$. Note that $a$ as well as $q$ can be any integers. This exercise may come in
handy later.



Chapter 6 

Greatest Common Divisor 



Definition 6.1. Let $a, b \in \mathbb{Z}$. If $a \neq 0$ or $b \neq 0$, we define $\gcd(a, b)$ to be the
largest integer $d$ such that $d \mid a$ and $d \mid b$. We define $\gcd(0, 0) = 0$.

Discussion. If $e \mid a$ and $e \mid b$ we call $e$ a common divisor of $a$ and $b$. Let

$$C(a, b) = \{e : e \mid a \text{ and } e \mid b\},$$

that is, $C(a, b)$ is the set of all common divisors of $a$ and $b$. Note that since
everything divides 0

$$C(0, 0) = \mathbb{Z}$$

so there is no largest common divisor of 0 with 0. This is why we must define
$\gcd(0, 0) = 0$.

Example 6.1. 

C(18, 30) = {-1, 1, -2, 2, -3, 3, -6, 6}. 

So gcd(18,30) = 6. 

Lemma 6.1. If $e \mid a$ then $-e \mid a$.

Proof. If $e \mid a$ then $a = ek$ for some $k$. Then $a = (-e)(-k)$. Since $-e$ and
$-k$ are also integers $-e \mid a$. □

Lemma 6.2. If $a \neq 0$, the largest positive integer that divides $a$ is $|a|$.

Proof. Recall that

$$|a| = \begin{cases} a & \text{if } a \geq 0 \\ -a & \text{if } a < 0. \end{cases}$$

First note that $|a|$ actually divides $a$: If $a > 0$, since we know $a \mid a$ we have
$|a| \mid a$. If $a < 0$, $|a| = -a$. In this case $a = (-a)(-1) = |a|(-1)$ so $|a|$ is a
factor of $a$. So, in either case $|a|$ divides $a$, and in either case $|a| > 0$, since
$a \neq 0$.

Now suppose $d \mid a$ and $d$ is positive. Then $a = dk$ for some $k$ so $-a = d(-k)$
for some $k$. So $d \mid |a|$. So by Theorem 3.1 (10) we have $d \leq |a|$. □

The following lemma shows that in computing gcd's we may restrict our- 
selves to the case where both integers are positive. 

Lemma 6.3. $\gcd(a, b) = \gcd(|a|, |b|)$.

Proof. If $a = 0$ and $b = 0$, we have $|a| = a$ and $|b| = b$. So $\gcd(a, b) =
\gcd(|a|, |b|)$. Suppose one of $a$ or $b$ is not 0. Note that $d \mid a \iff d \mid |a|$. See
Exercise 6.1. It follows that

$$C(a, b) = C(|a|, |b|).$$

So the largest common divisor of $a$ and $b$ is also the largest common divisor
of $|a|$ and $|b|$. □

Exercise 6.1. Prove that

$$d \mid a \iff d \mid |a|$$

[Hint: recall that $|a| = a$ if $a \geq 0$ and $|a| = -a$ if $a < 0$. So you need to
consider two cases.]

Lemma 6.4. $\gcd(a, b) = \gcd(b, a)$.

Proof. Clearly $C(a, b) = C(b, a)$. It follows that the largest integer in $C(a, b)$
is the largest integer in $C(b, a)$, that is, $\gcd(a, b) = \gcd(b, a)$. □

Lemma 6.5. If $a \neq 0$ or $b \neq 0$, then $\gcd(a, b)$ exists and satisfies

$$0 < \gcd(a, b) \leq \min\{|a|, |b|\}.$$

Proof. Note that $\gcd(a, b)$ is the largest integer in the set $C(a, b)$ of common
divisors of $a$ and $b$. Since $1 \mid a$ and $1 \mid b$ we know that $1 \in C(a, b)$. So
the largest common divisor must be at least 1 and is therefore positive. On
the other hand $d \in C(a, b) \implies d \mid |a|$ and $d \mid |b|$ so $d$ is no larger than $|a|$
and no larger than $|b|$. So $d$ is at most the smaller of $|a|$ and $|b|$. Hence
$\gcd(a, b) \leq \min\{|a|, |b|\}$. □

Example 6.2. From the above lemmas we have 

gcd(48, 732) = gcd(-48, 732) 
= gcd(-48, -732) 
= gcd(48, -732). 

We also know that

$$0 < \gcd(48, 732) \leq 48.$$

Since if $d = \gcd(48, 732)$, then $d \mid 48$, to find $d$ we may check only which
positive divisors of 48 also divide 732.

Exercise 6.2. Find gcd(48, 732) using Example 6.2. 

Exercise 6.3. Find gcd(a, b) for each of the following values of a and b: 

(1) a = -b, b= 14 

(2) a = -1, b = 78654 

(3) a = 0, b = -78 

(4) a = 2, b = -786541 

Chapter 7

The Euclidean Algorithm



Unlike the Division Algorithm, the Euclidean Algorithm really is an algorithm.
It provides a method to compute $\gcd(a, b)$. Since as already noted
$\gcd(0, 0) = 0$, $\gcd(a, b) = \gcd(|a|, |b|)$, and $\gcd(a, b) = \gcd(b, a)$, it suffices to
give a method to compute $\gcd(a, b)$ when $a \geq b \geq 0$.

Lemma 7.1. If $a > 0$, then $\gcd(a, 0) = a$.

Proof. Since every integer divides 0, $C(a, 0)$ is just the set of divisors of $a$.
By Lemma 6.2 the largest divisor of $a$ is $|a|$. Since $a > 0$, $|a| = a$. This shows
that $\gcd(a, 0) = a$. □

Remark 7.1. So we are now reduced to the problem of finding $\gcd(a, b)$ when
$a \geq b > 0$.

Exercise 7.1. Prove that if $a > 0$ then $\gcd(a, a) = a$.

Now having done Exercise 7.1 we only need to consider the case $a > b > 0$.

Lemma 7.2. Let $a > b > 0$. If $a = bq + r$, then

$$\gcd(a, b) = \gcd(b, r).$$

Proof. It suffices to show that $C(a, b) = C(b, r)$, that is, the common divisors
of $a$ and $b$ are the same as the common divisors of $b$ and $r$. To show this
first let $d \mid a$ and $d \mid b$. Note that $r = a - bq$, which is a linear combination
of $a$ and $b$. So by Theorem 3.1(3) $d \mid r$. Thus $d \mid b$ and $d \mid r$. Next assume
$d \mid b$ and $d \mid r$. Using Theorem 3.1(3) again and the fact that $a = bq + r$ is
a linear combination of $b$ and $r$, we have $d \mid a$. So $d \mid a$ and $d \mid b$. We have
thus shown that $C(a, b) = C(b, r)$. So $\gcd(a, b) = \gcd(b, r)$. □

Remark 7.2. The Euclidean Algorithm is the process of using Lemmas 7.2
and 7.1 to compute $\gcd(a, b)$ when $a > b > 0$.

Rather than give a precise statement of the algorithm I will give an example
to show how it goes.

Example 7.1. Let's compute $\gcd(803, 154)$.

$\gcd(803, 154) = \gcd(154, 33)$ since $803 = 154 \cdot 5 + 33$

$\gcd(154, 33) = \gcd(33, 22)$ since $154 = 33 \cdot 4 + 22$

$\gcd(33, 22) = \gcd(22, 11)$ since $33 = 22 \cdot 1 + 11$

$\gcd(22, 11) = \gcd(11, 0)$ since $22 = 11 \cdot 2 + 0$

$\gcd(11, 0) = 11$.

Hence $\gcd(803, 154) = 11$.

Remark 7.3. Note that we have formed the gcd of 803 and 154 without factoring
803 and 154. This method is generally much faster than factoring and
can find gcd's when factoring is not feasible.

Exercise 7.2. Let $a > b > 0$. Show that $\gcd(a, b) = \gcd(b, a \bmod b)$.

Remark 7.4. So if your calculator can compute $a \bmod b$ you may use it when
executing the Euclidean Algorithm.
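
A precise statement of the procedure illustrated in Example 7.1, written as an added Python example that is not part of the original text. It reduces to the case $a \geq b \geq 0$ using Lemmas 6.3 and 6.4, repeats Lemma 7.2, and stops with Lemma 7.1. The function names are assumptions, and `gcd_by_definition` is a brute-force reading of Definition 6.1 included only to compare results.

```python
"""Euclidean Algorithm as used in Example 7.1 (added illustration)."""


def common_divisors(a: int, b: int) -> list[int]:
    """The set C(a, b) of common divisors, for (a, b) != (0, 0)."""
    if a == 0 and b == 0:
        raise ValueError("C(0, 0) is all of Z, so it cannot be listed")
    bound = max(abs(a), abs(b))          # no divisor of a nonzero n exceeds |n|
    positive = [e for e in range(1, bound + 1) if a % e == 0 and b % e == 0]
    return sorted([-e for e in positive] + positive)   # Lemma 6.1: -e | a too


def gcd_by_definition(a: int, b: int) -> int:
    """Definition 6.1: the largest common divisor, with gcd(0, 0) = 0."""
    if a == 0 and b == 0:
        return 0
    return max(common_divisors(a, b))


def euclid(a: int, b: int) -> tuple[int, list[tuple[int, int, int, int]]]:
    """Return (gcd(a, b), steps); each step (a, b, q, r) records a = b*q + r."""
    a, b = abs(a), abs(b)                # Lemma 6.3: gcd(a, b) = gcd(|a|, |b|)
    if a < b:
        a, b = b, a                      # Lemma 6.4: gcd(a, b) = gcd(b, a)
    steps = []
    while b != 0:
        q, r = divmod(a, b)              # Division Algorithm: 0 <= r < b
        steps.append((a, b, q, r))
        a, b = b, r                      # Lemma 7.2: gcd(a, b) = gcd(b, r)
    # Remainders strictly decrease, so the loop ends with b == 0.
    return a, steps                      # Lemma 7.1; gives 0 for gcd(0, 0)


def describe(a: int, b: int) -> list[str]:
    """Render the steps in the layout of Example 7.1."""
    d, steps = euclid(a, b)
    lines = [f"gcd({x}, {y}) = gcd({y}, {r}) since {x} = {y}*{q} + {r}"
             for x, y, q, r in steps]
    lines.append(f"gcd = {d}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(803, 154)))
    print("C(18, 30) =", common_divisors(18, 30))
```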

Exercise 7.3. Find gcd(a, b) using the Euclidean Algorithm for each of the 
values below: 

(1) a = 37, b = 60

(2) a = 793, b = 3172 

(3) a = 25174, b = 42722 

(4) a = 377, b = 233 



Chapter 8 
Bezout's Lemma 



Lemma 8.1 (Bezout's Lemma). For all integers $a$ and $b$ there exist integers
$s$ and $t$ such that

$$\gcd(a, b) = sa + tb.$$

Proof. If $a = b = 0$ then $s$ and $t$ may be anything since

$$\gcd(0, 0) = 0 = s \cdot 0 + t \cdot 0.$$

So we may assume that $a \neq 0$ or $b \neq 0$. Let

$$J = \{na + mb : n, m \in \mathbb{Z}\}.$$

Note that $J$ contains $a$, $-a$, $b$ and $-b$ since

$a = 1 \cdot a + 0 \cdot b$

$-a = (-1) \cdot a + 0 \cdot b$

$b = 0 \cdot a + 1 \cdot b$

$-b = 0 \cdot a + (-1) \cdot b$.

Since $a \neq 0$ or $b \neq 0$ one of the elements $a$, $-a$, $b$, $-b$ is positive. So we can
say that $J$ contains some positive integers. Let $S$ denote the set of positive
integers in $J$. That is,

$$S = \{na + mb : na + mb > 0,\ n, m \in \mathbb{Z}\}.$$

By the Well-Ordering Property for $\mathbb{N}$, $S$ contains a smallest positive integer,
call it $d$. Let's show that $d = \gcd(a, b)$. Note that since $d \in S$ we have
$d = sa + tb$ for some integers $s$ and $t$. Note also that $d > 0$. Let $e = \gcd(a, b)$.
Then $e \mid a$ and $e \mid b$, so by Theorem 3.1 (3) $e \mid sa + tb$, that is $e \mid d$. Since $e$
and $d$ are positive, by Theorem 3.1 (10) we have $e \leq d$. So if we can show
that $d$ is a common divisor of $a$ and $b$ we will know that $e = d$. To show $d \mid a$
using the Division Algorithm we write $a = dq + r$ where $0 \leq r < d$. Now

$r = a - dq$
$\;\; = a - (sa + tb)q$
$\;\; = (1 - sq)a + (-tq)b$.

Hence $r \in J$. If $r > 0$ then $r \in S$. But this cannot be since $r < d$ and $d$ is the
smallest integer in $S$. So we must have $r = 0$. That is, $a = dq$. Hence $d \mid a$.
By a similar argument we can show that $d \mid b$. Thus, $d$ is indeed a common
divisor of $a$ and $b$. Since $d \geq e = \gcd(a, b)$, we must have $d = \gcd(a, b)$. As
noted already $d = sa + tb$, so the theorem is proved. □

Example 8.1. $1 = \gcd(2, 3)$ and we have $1 = (-1)2 + 1 \cdot 3$. Also we have
$1 = 2 \cdot 2 + (-1)3$. So the numbers $s$ and $t$ in Bezout's Lemma are not uniquely
determined. In fact, as we will see later there are infinitely many choices for
$s$ and $t$ for each pair $a, b$.

Remark 8.1. The above proof is an existence theorem. It asserts the existence
of $s$ and $t$, but does not provide a way to actually find $s$ and $t$. Also the proof
does not give any clue about how to go about calculating $s$ and $t$. We will
give an algorithm in the next chapter for finding $s$ and $t$.



Chapter 9 

Blankinship's Method 

In an article in the August-September 1963 issue of the American Mathematical Monthly, W.A. Blankinship¹ gave a simple method to produce the integers $s$ and $t$ in Bezout's Lemma and at the same time produce $\gcd(a, b)$: Given $a > b > 0$ we start with the array

$$\begin{bmatrix} a & 1 & 0 \\ b & 0 & 1 \end{bmatrix}$$

Then we continue to add multiples of one row to another row, alternating choice of rows until we reach an array of the form

$$\begin{bmatrix} 0 & x_1 & x_2 \\ d & y_1 & y_2 \end{bmatrix}
\quad\text{or}\quad
\begin{bmatrix} d & y_1 & y_2 \\ 0 & x_1 & x_2 \end{bmatrix}$$

Then $d = \gcd(a, b) = y_1 a + y_2 b$. [The goal is to get a 0 in the first column.]

¹ Thanks to Chris Miller for bringing this method to my attention.

Examples 9.1. First take $a = 35$, $b = 15$.

$$\begin{bmatrix} 35 & 1 & 0 \\ 15 & 0 & 1 \end{bmatrix}$$

Note $35 = 15 \cdot 2 + 5$, hence

$$35 + 15(-2) = 5.$$

So we multiply row 2 by $-2$ and add it to row 1, getting

$$\begin{bmatrix} 5 & 1 & -2 \\ 15 & 0 & 1 \end{bmatrix}$$

Now $3 \cdot 5 = 15$ or $15 + (-3)5 = 0$, so we multiply row 1 by $-3$ and add it to row 2, getting

$$\begin{bmatrix} 5 & 1 & -2 \\ 0 & -3 & 7 \end{bmatrix}$$

Now we can say that

$$\gcd(35, 15) = 5$$

and

$$5 = 1 \cdot 35 + (-2) \cdot 15.$$



Let's now consider a more complicated example: Take $a = 1876$, $b = 365$.

$$\begin{bmatrix} 1876 & 1 & 0 \\ 365 & 0 & 1 \end{bmatrix}$$

Now $1876 = 365 \cdot 5 + 51$ so we add $-5$ times the second row to the first row, getting:

$$\begin{bmatrix} 51 & 1 & -5 \\ 365 & 0 & 1 \end{bmatrix}$$

Now $365 = 51 \cdot 7 + 8$, so we add $-7$ times row 1 to row 2, getting:

$$\begin{bmatrix} 51 & 1 & -5 \\ 8 & -7 & 36 \end{bmatrix}$$

Now $51 = 8 \cdot 6 + 3$, so we add $-6$ times row 2 to row 1, getting:

$$\begin{bmatrix} 3 & 43 & -221 \\ 8 & -7 & 36 \end{bmatrix}$$

Now $8 = 3 \cdot 2 + 2$, so we add $-2$ times row 1 to row 2, getting:

$$\begin{bmatrix} 3 & 43 & -221 \\ 2 & -93 & 478 \end{bmatrix}$$

Then $3 = 2 \cdot 1 + 1$, so we add $-1$ times row 2 to row 1, getting:

$$\begin{bmatrix} 1 & 136 & -699 \\ 2 & -93 & 478 \end{bmatrix}$$

Finally, $2 = 1 \cdot 2$ so if we add $-2$ times row 1 to row 2 we get:

$$(*) \qquad \begin{bmatrix} 1 & 136 & -699 \\ 0 & -365 & 1876 \end{bmatrix}$$

This tells us that

$$\gcd(1876, 365) = 1$$

and

$$(**) \qquad 1 = 136 \cdot 1876 + (-699) \cdot 365.$$

Note that it was not necessary to compute the last two entries $-365$ and $1876$ in (*). It is a good idea however to check that equation (**) holds. In this case we have:

$$\begin{aligned}
136 \cdot 1876 &= 255136 \\
(-699) \cdot 365 &= -255135
\end{aligned}$$

So it is correct.

Why Blankinship's Method works: Note that just looking at what happens in the first column you see that we are just doing the Euclidean Algorithm, so when one element in column 1 is 0, the other is, in fact, the gcd. Note that at the start we have

$$\begin{bmatrix} a & 1 & 0 \\ b & 0 & 1 \end{bmatrix}$$

and

$$\begin{aligned}
a &= 1 \cdot a + 0 \cdot b \\
b &= 0 \cdot a + 1 \cdot b.
\end{aligned}$$

One can show that at every intermediate step

$$\begin{bmatrix} a_1 & x_1 & x_2 \\ b_1 & y_1 & y_2 \end{bmatrix}$$

we always have

$$\begin{aligned}
a_1 &= x_1 a + x_2 b \\
b_1 &= y_1 a + y_2 b,
\end{aligned}$$

and the result follows. I will omit the details.

Exercise 9.1. Use Blankinship's method to compute the $s$ and $t$ in Bezout's Lemma for each of the following values of $a$ and $b$.

(1) a = 267, b = 112

(2) a = 216, b = 135

(3) a = 11312, b = 11321

Exercise 9.2. Show that if $1 = as + bt$ then $\gcd(a, b) = 1$.

Exercise 9.3. Find integers $a$, $b$, $d$, $s$, $t$ such that all of the following hold

(1) $a > 0$, $b > 0$,

(2) $d = sa + tb$, and

(3) $d \ne \gcd(a, b)$.

Note that $d$ in Exercise 9.3 cannot be 1 by Exercise 9.2.
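The row operations of Blankinship's method from this chapter can be written as a short program. The following is an added example, not part of the original text; the function name `blankinship` and its return format are assumptions made here. It also checks, after every step, the row invariant stated under "Why Blankinship's Method works".

```python
def blankinship(a, b):
    """Blankinship's row reduction for a > b > 0.

    Returns (d, s, t, arrays) where d = gcd(a, b) = s*a + t*b and arrays is
    the list of 2x3 arrays produced, starting with [[a, 1, 0], [b, 0, 1]].
    """
    if not (a > b > 0):
        raise ValueError("the chapter's method assumes a > b > 0")
    rows = [[a, 1, 0], [b, 0, 1]]
    arrays = [[row[:] for row in rows]]
    target = 0  # index of the row being reduced; the first step reduces row 1
    while rows[0][0] != 0 and rows[1][0] != 0:
        other = 1 - target
        q = rows[target][0] // rows[other][0]
        # Add -q times the other row to the target row (all three columns).
        rows[target] = [x - q * y for x, y in zip(rows[target], rows[other])]
        # Invariant: every row [v, x, y] satisfies v = x*a + y*b.
        for v, x, y in rows:
            if v != x * a + y * b:
                raise AssertionError("row invariant broken")
        arrays.append([row[:] for row in rows])
        target = other  # alternate the choice of rows
    # The row whose partner has 0 in column 1 holds d and the coefficients.
    d, s, t = rows[0] if rows[1][0] == 0 else rows[1]
    return d, s, t, arrays


if __name__ == "__main__":
    d, s, t, arrays = blankinship(1876, 365)
    for top, bottom in arrays:
        print(top, bottom)
    print(f"gcd = {d} = ({s})*1876 + ({t})*365")
```
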



Chapter 10 
Prime Numbers 



Definition 10.1. An integer $p$ is prime if $p \ge 2$ and the only positive divisors of $p$ are 1 and $p$. An integer $n$ is composite if $n \ge 2$ and $n$ is not prime.

Remark 10.1. The number 1 is neither prime nor composite.

Lemma 10.1. An integer $n \ge 2$ is composite if and only if there are integers $a$ and $b$ such that $n = ab$, $1 < a < n$, and $1 < b < n$.

Proof. Let $n \ge 2$. If $n$ is composite there is a positive integer $a$ such that $a \ne 1$, $a \ne n$ and $a \mid n$. This means that $n = ab$ for some $b$. Since $n$ and $a$ are positive so is $b$. Hence $1 \le a$ and $1 \le b$. By Theorem 3.1(10) $a \le n$ and $b \le n$. Since $a \ne 1$ and $a \ne n$ we have $1 < a < n$. If $b = 1$ then $a = n$, which is not possible, so $b \ne 1$. If $b = n$ then $a = 1$, which is also not possible. So $1 < b < n$. The converse is obvious. □

Lemma 10.2. If $n > 1$, there is a prime $p$ such that $p \mid n$.

Proof. Assume there is some integer $n > 1$ which has no prime divisor. Let $S$ denote the set of all such integers. By the Well-Ordering Property there is a smallest such integer, call it $m$. Now $m > 1$ and has no prime divisor. So $m$ cannot be prime. Hence $m$ is composite. Therefore by Lemma 10.1

$$m = ab, \quad 1 < a < m, \quad 1 < b < m.$$

Since $1 < a < m$ then $a$ is not in the set $S$. So $a$ must have a prime divisor, call it $p$. Then $p \mid a$ and $a \mid m$ so by Theorem 3.1, $p \mid m$. This contradicts the fact that $m$ has no prime divisor. So the set $S$ must be empty and this proves the lemma. □

Theorem 10.1 (Euclid's Theorem). There are infinitely many prime numbers.

Proof. Assume, by way of contradiction, that there are only a finite number of prime numbers, say:

$$p_1, p_2, \ldots, p_n.$$

Define

$$N = p_1 p_2 \cdots p_n + 1.$$

Since $p_1 \ge 2$, clearly $N \ge 3$. So by Lemma 10.2 $N$ has a prime divisor $p$. By assumption $p = p_i$ for some $i = 1, \ldots, n$. Let $a = p_1 \cdots p_n$. Note that

$$a = p_i \,(p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_n),$$

so $p_i \mid a$. Now $N = a + 1$ and by assumption $p_i \mid a + 1$. So by Exercise 3.2 $p_i \mid (a + 1) - a$, that is $p_i \mid 1$. By Basic Axiom 3 in Chapter 1 this implies that $p_i = 1$. This contradicts the fact that primes are $> 1$. It follows that the assumption that there are only finitely many primes is not true. □

Exercise 10.1. Use the idea of the above proof to show that if $q_1, q_2, \ldots, q_n$ are primes there is a prime $q \notin \{q_1, \ldots, q_n\}$. Hint: Take $N = q_1 \cdots q_n + 1$. By Lemma 10.2 there is a prime $q$ such that $q \mid N$. Prove that $q \notin \{q_1, \ldots, q_n\}$.

Exercise 10.2. Let $p_1 = 2$, $p_2 = 3$, $p_3 = 5, \ldots$ and, in general, $p_i$ = the $i$-th prime. Prove or disprove that

$$p_1 p_2 \cdots p_n + 1$$

is prime for all $n \ge 1$. [Hint: If $n = 1$ we have $2 + 1 = 3$ is prime. If $n = 2$ we have $2 \cdot 3 + 1 = 7$ is prime. If $n = 3$ we have $2 \cdot 3 \cdot 5 + 1 = 31$ is prime. Try the next few values of $n$. You may want to use the next theorem to check primality.]

Theorem 10.2. If $n > 1$ is composite then $n$ has a prime divisor $p \le \sqrt{n}$.

Proof. Let $n > 1$ be composite. Then $n = ab$ where $1 < a < n$ and $1 < b < n$. I claim that one of $a$ or $b$ is $\le \sqrt{n}$. If not then $a > \sqrt{n}$ and $b > \sqrt{n}$. Hence $n = ab > \sqrt{n}\sqrt{n} = n$. This implies $n > n$, a contradiction. So $a \le \sqrt{n}$ or $b \le \sqrt{n}$. Suppose $a \le \sqrt{n}$. Since $1 < a$, by Lemma 10.2 there is a prime $p$ such that $p \mid a$. Hence, by Theorem 3.1 since $a \mid n$ we have $p \mid n$. Also by Theorem 3.1 since $p \mid a$ we have $p \le a \le \sqrt{n}$. □

Remark 10.2. We can use Theorem 10.2 to help decide whether or not an integer is prime: To check whether or not $n > 1$ is prime we need only try to divide it by all primes $p \le \sqrt{n}$. If none of these primes divides $n$ then $n$ must be prime.



Example 10.1. Consider the number 97. Note that $\sqrt{97} < \sqrt{100} = 10$. The primes $< 10$ are 2, 3, 5, and 7. One easily checks that 97 mod 2 = 1, 97 mod 3 = 1, 97 mod 5 = 2, 97 mod 7 = 6. So none of the primes 2, 3, 5, 7 divide 97 and 97 is prime by Theorem 10.2.

Exercise 10.3. By using Theorem 10.2, as in the above example, determine the primality¹ of the following integers:

143, 221, 199, 223, 3521.

Definition 10.2. Let $x \in \mathbb{R}$, $x > 0$. $\pi(x)$ denotes the number of primes $p$ such that $p \le x$.

For example, since the only primes $p \le 10$ are 2, 3, 5, and 7 we have $\pi(10) = 4$.

Here is a table of values of $\pi(10^i)$ for $i = 2, \ldots, 10$. I also include known approximations to $\pi(x)$. Note that the formulas for the approximations do not give integer values, but for the table I have rounded each to the nearest integer. The values in the table were computed using Maple.



$x$        $\pi(x)$      $\frac{x}{\ln(x)}$   $\frac{x}{\ln(x)-1}$   $\int_2^x \frac{1}{\ln(t)}\,dt$

$10^2$     25            22            28            29
$10^3$     168           145           169           177
$10^4$     1229          1086          1218          1245
$10^5$     9592          8686          9512          9629
$10^6$     78498         72382         78030         78627
$10^7$     664579        620421        661459        664917
$10^8$     5761455       5428681       5740304       5762208
$10^9$     50847534      48254942      50701542      50849234
$10^{10}$  455052511     434294482     454011971     455055614

You may judge for yourself which approximations appear to be the best. This table has been continued up to $10^{21}$, but people are still working on finding the value of $\pi(10^{22})$. Of course, the approximations are easy to compute with Maple but the exact value of $\pi(10^{22})$ is difficult to find.

¹ This means determine whether or not each number is prime.

The above approximations are based on the so-called Prime Number Theorem first conjectured by Gauss in 1793 but not proved till over 100 years later by Hadamard and Vallee Poussin.

Theorem 10.3 (The Prime Number Theorem).

$$(*) \qquad \pi(x) \sim \frac{x}{\ln(x)}, \quad \text{for all } x > 0.$$

Remark 10.3. (*) means that

$$\lim_{x \to \infty} \frac{\pi(x)}{\frac{x}{\ln(x)}} = 1.$$
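The first rows of the table of $\pi(10^i)$ and its three approximations can be recomputed without Maple. The following is an added example, not part of the original text: it counts primes with a sieve of Eratosthenes and evaluates the integral numerically with Simpson's rule (a choice made here, not the method used for the original table); all function names are assumptions.

```python
import math


def prime_flags(limit):
    """Sieve of Eratosthenes: flags[n] == 1 exactly when n is prime."""
    flags = bytearray([1]) * (limit + 1)
    flags[:2] = bytes(min(2, limit + 1))  # 0 and 1 are not prime
    for p in range(2, math.isqrt(limit) + 1):
        if flags[p]:
            # Cross out p*p, p*p + p, ...; smaller multiples are already gone.
            flags[p * p :: p] = bytes(len(range(p * p, limit + 1, p)))
    return flags


def prime_pi(x, flags):
    """pi(x): the number of primes p <= x, read off a precomputed sieve."""
    return sum(flags[: x + 1])


def integral_2_to_x(x, intervals=20000):
    """Integral of dt/ln(t) from 2 to x by composite Simpson's rule.

    The substitution t = e**u turns the integrand into e**u / u, which is
    much better behaved over [ln 2, ln x] than 1/ln(t) over [2, x].
    """
    lo, hi = math.log(2), math.log(x)
    h = (hi - lo) / intervals  # intervals must be even for Simpson's rule
    f = lambda u: math.exp(u) / u
    total = f(lo) + f(hi)
    for i in range(1, intervals):
        total += (4 if i % 2 else 2) * f(lo + i * h)
    return total * h / 3


def table_rows(max_exp):
    """Rows (i, pi(10^i), x/ln x, x/(ln x - 1), integral), rounded as in the table."""
    flags = prime_flags(10 ** max_exp)
    rows = []
    for i in range(2, max_exp + 1):
        x = 10 ** i
        ln = math.log(x)
        rows.append((i, prime_pi(x, flags), round(x / ln),
                     round(x / (ln - 1)), round(integral_2_to_x(x))))
    return rows


if __name__ == "__main__":
    for row in table_rows(6):
        print(row)
```
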

Although there are infinitely many primes there are long stretches of 
consecutive integers containing no primes. 

Theorem 10.4. For any positive integer $n$ there is an integer $a$ such that the $n$ consecutive integers

$$a,\ a + 1,\ a + 2,\ \ldots,\ a + (n - 1)$$

are all composite.

Proof. Given $n \ge 1$ let $a = (n + 1)! + 2$. We claim that all the numbers

$$a + i, \quad 0 \le i \le n - 1$$

are composite. Since $(n + 1) \ge 2$ clearly $2 \mid (n + 1)!$ and $2 \mid 2$. Hence $2 \mid (n + 1)! + 2$. Since $(n + 1)! + 2 > 2$, $(n + 1)! + 2$ is composite. Consider

$$a + i = (n + 1)! + i + 2$$

where $0 \le i \le n - 1$ so $2 \le i + 2 \le n + 1$. Thus $i + 2 \mid (n + 1)!$ and $i + 2 \mid i + 2$. Therefore $i + 2 \mid a + i$. Now $a + i > i + 2 > 1$, so $a + i$ is composite. □

Exercise 10.4. Use the Prime Number Theorem and a calculator to approximate the number of primes $\le 10^8$. Note $\ln(10^8) = 8\ln(10)$.

Exercise 10.5. Find 10 consecutive composite numbers.

Exercise 10.6. Prove that 2 is the only even prime number. (Joke: Hence it is said that 2 is the "oddest" prime.)

Exercise 10.7. Prove that if $a$ and $n$ are positive integers such that $n \ge 2$ and $a^n - 1$ is prime then $a$ must be 2. [Hint: By Exercise 2.4

$$1 + x + x^2 + \cdots + x^{n-1} = \frac{x^n - 1}{x - 1}$$

$$x^n - 1 = (x - 1)(1 + x + x^2 + \cdots + x^{n-1})$$

if $x \ne 1$ and $n \ge 1$.]

Exercise 10.8. (a) Is $2^n - 1$ always prime if $n \ge 2$? Explain. (b) Is $2^n - 1$ always prime if $n$ is prime? Explain.

Exercise 10.9. Show that if $p$ and $q$ are primes and $p \mid q$, then $p = q$.

Chapter 11

Unique Factorization



Our goal in this chapter is to prove the following fundamental theorem.

Theorem 11.1 (The Fundamental Theorem of Arithmetic). Every integer $n > 1$ can be written uniquely in the form

$$n = p_1 p_2 \cdots p_s,$$

where $s$ is a positive integer and $p_1, p_2, \ldots, p_s$ are primes satisfying

$$p_1 \le p_2 \le \cdots \le p_s.$$

Remark 11.1. If $n = p_1 p_2 \cdots p_s$ where each $p_i$ is prime, we call this the prime factorization of $n$. Theorem 11.1 is sometimes stated as follows:

Every integer $n > 1$ can be expressed as a product $n = p_1 p_2 \cdots p_s$, for some positive integer $s$, where each $p_i$ is prime and this factorization is unique except for the order of the primes $p_i$.

Note for example that

$$\begin{aligned}
600 &= 2 \cdot 2 \cdot 2 \cdot 3 \cdot 5 \cdot 5 \\
    &= 2 \cdot 3 \cdot 2 \cdot 5 \cdot 2 \cdot 5 \\
    &= 3 \cdot 5 \cdot 2 \cdot 2 \cdot 2 \cdot 5 \\
    &\ \text{etc.}
\end{aligned}$$

Perhaps the nicest way to write the prime factorization of 600 is

$$600 = 2^3 \cdot 3 \cdot 5^2.$$

In general it is clear that $n > 1$ can be written uniquely in the form

$$(*) \qquad n = p_1^{a_1} p_2^{a_2} \cdots p_s^{a_s}, \quad \text{some } s \ge 1,$$

where $p_1 < p_2 < \cdots < p_s$ and $a_i \ge 1$ for all $i$. Sometimes (*) is written

$$n = \prod_{i=1}^{s} p_i^{a_i}.$$

Here $\prod$ stands for product, just as $\sum$ stands for sum.

To prove Theorem 11.1 we need to first establish a few lemmas.
Lemma 11.1. If $a \mid bc$ and $\gcd(a, b) = 1$ then $a \mid c$.

Proof. Since $\gcd(a, b) = 1$ by Bezout's Lemma there are $s$, $t$ such that

$$1 = as + bt.$$

If we multiply both sides by $c$ we get

$$c = cas + cbt = a(cs) + (bc)t.$$

By assumption $a \mid bc$. Clearly $a \mid a(cs)$ so, by Theorem 3.1, $a$ divides the linear combination $a(cs) + (bc)t = c$. □

Definition 11.1. We say that $a$ and $b$ are relatively prime if $\gcd(a, b) = 1$.

So we may restate Lemma 11.1 as follows: If $a \mid bc$ and $a$ is relatively prime to $b$ then $a \mid c$.

Example 11.1. It is not true generally that when $a \mid bc$ then $a \mid b$ or $a \mid c$. For example, $6 \mid 4 \cdot 9$, but $6 \nmid 4$ and $6 \nmid 9$. Note that Lemma 11.1 doesn't apply here since $\gcd(6, 4) \ne 1$ and $\gcd(6, 9) \ne 1$.

Lemma 11.2 (Euclid's Lemma). If $p$ is a prime and $p \mid ab$, then $p \mid a$ or $p \mid b$.

Proof. Assume that $p \mid ab$. If $p \mid a$ we are done. Suppose $p \nmid a$. Let $d = \gcd(p, a)$. Note that $d > 0$ and $d \mid p$ and $d \mid a$. Since $d \mid p$ we have $d = 1$ or $d = p$. If $d \ne 1$ then $d = p$. But this says that $p \mid a$, which we assumed was not true. So we must have $d = 1$. Hence $\gcd(p, a) = 1$ and $p \mid ab$. So by Lemma 11.1, $p \mid b$. □

Lemma 11.3. Let $p$ be prime. Let $a_1, a_2, \ldots, a_n$, $n \ge 1$, be integers. If $p \mid a_1 a_2 \cdots a_n$, then $p \mid a_i$ for at least one $i \in \{1, 2, \ldots, n\}$.

Proof. We use induction on $n$. The result is clear if $n = 1$. Assume that the lemma holds for $n$ such that $1 \le n \le k$. Let's show it holds for $n = k + 1$. So assume $p$ is a prime and $p \mid a_1 a_2 \cdots a_k a_{k+1}$. Let $a = a_1 a_2 \cdots a_k$ and $b = a_{k+1}$. Then $p \mid a$ or $p \mid b$ by Lemma 11.2. If $p \mid a = a_1 \cdots a_k$, by the induction hypothesis, $p \mid a_i$ for some $i \in \{1, \ldots, k\}$. If $p \mid b = a_{k+1}$ then $p \mid a_{k+1}$. So we can say $p \mid a_i$ for some $i \in \{1, 2, \ldots, k + 1\}$. So the lemma holds for $n = k + 1$. Hence by PMI it holds for all $n \ge 1$. □

Lemma 11.4 (Existence Part of Theorem 11.1). If $n > 1$ then there exist primes $p_1, \ldots, p_s$ for some $s \ge 1$ such that

$$n = p_1 p_2 \cdots p_s$$

and $p_1 \le p_2 \le \cdots \le p_s$.

Proof. Proof by induction on $n$, with starting value $n = 2$: If $n = 2$ then since 2 is prime we can take $p_1 = 2$, $s = 1$. Assume the lemma holds for $n$ such that $2 \le n \le k$. Let's show it holds for $n = k + 1$. If $k + 1$ is prime we can take $s = 1$ and $p_1 = k + 1$ and we are done. If $k + 1$ is composite we can write $k + 1 = ab$ where $1 < a < k + 1$ and $1 < b < k + 1$. By the induction hypothesis there are primes $p_1, \ldots, p_u$ and $q_1, \ldots, q_v$ such that

$$a = p_1 \cdots p_u \quad\text{and}\quad b = q_1 \cdots q_v.$$

This gives us

$$k + 1 = ab = p_1 p_2 \cdots p_u q_1 q_2 \cdots q_v,$$

that is $k + 1$ is a product of primes. Let $s = u + v$. By reordering and relabeling where necessary we have

$$k + 1 = p_1 p_2 \cdots p_s$$

where $p_1 \le p_2 \le \cdots \le p_s$. So the lemma holds for $n = k + 1$. Hence by PMI, it holds for all $n > 1$. □

Lemma 11.5 (Uniqueness Part of Theorem 11.1). Let

$$n = p_1 p_2 \cdots p_s \quad \text{for some } s \ge 1,$$

and

$$n = q_1 q_2 \cdots q_t \quad \text{for some } t \ge 1,$$

where $p_1, \ldots, p_s, q_1, \ldots, q_t$ are primes satisfying

$$p_1 \le p_2 \le \cdots \le p_s$$

and

$$q_1 \le q_2 \le \cdots \le q_t.$$

Then $t = s$ and $p_i = q_i$ for $i = 1, 2, \ldots, t$.

Proof. Our proof is by induction on $s$. Suppose $s = 1$. Then $n = p_1$ is prime and we have

$$p_1 = n = q_1 q_2 \cdots q_t.$$

If $t > 1$, this contradicts the fact that $p_1$ is prime. So $t = 1$ and we have $p_1 = q_1$, as desired. Now assume the result holds for all $s$ such that $1 \le s \le k$. We want to show that it holds for $s = k + 1$. So assume

$$n = p_1 p_2 \cdots p_k p_{k+1}$$

and

$$n = q_1 q_2 \cdots q_t$$

where $p_1 \le p_2 \le \cdots \le p_{k+1}$ and $q_1 \le q_2 \le \cdots \le q_t$. Clearly $p_{k+1} \mid n$ so $p_{k+1} \mid q_1 \cdots q_t$. So by Lemma 11.3 $p_{k+1} \mid q_i$ for some $i \in \{1, 2, \ldots, t\}$. It follows from Exercise 10.9 that $p_{k+1} = q_i$. Hence $p_{k+1} = q_i \le q_t$.

By a similar argument $q_t \mid n$ so $q_t \mid p_1 \cdots p_{k+1}$ and $q_t = p_j$ for some $j$. Hence $q_t = p_j \le p_{k+1}$. This shows that

$$p_{k+1} \le q_t \le p_{k+1}$$

so $p_{k+1} = q_t$. Note that

$$p_1 p_2 \cdots p_k p_{k+1} = q_1 q_2 \cdots q_{t-1} q_t.$$

Since $p_{k+1} = q_t$ we can cancel this prime from both sides and we have

$$p_1 p_2 \cdots p_k = q_1 q_2 \cdots q_{t-1}.$$

Now by the induction hypothesis $k = t - 1$ and $p_i = q_i$ for $i = 1, \ldots, t - 1$. Thus we have $k + 1 = t$ and $p_i = q_i$ for $i = 1, 2, \ldots, t$. So the lemma holds for $s = k + 1$ and by the PMI, it holds for all $s \ge 1$. □

Now the proof of Theorem 11.1 follows immediately from Lemmas 11.4 and 11.5.

Remark 11.2. If $a$ and $b$ are positive integers we can find primes $p_1, \ldots, p_k$ and integers $a_1, \ldots, a_k, b_1, \ldots, b_k$ each $\ge 0$ such that

$$(**) \qquad a = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}, \qquad b = p_1^{b_1} p_2^{b_2} \cdots p_k^{b_k}.$$

For example, if $a = 600$ and $b = 252$ we have

$$\begin{aligned}
600 &= 2^3 \cdot 3^1 \cdot 5^2 \cdot 7^0 \\
252 &= 2^2 \cdot 3^2 \cdot 5^0 \cdot 7.
\end{aligned}$$

It follows that

$$\gcd(600, 252) = 2^2 \cdot 3^1 \cdot 5^0 \cdot 7^0.$$

In general, if $a$ and $b$ are given by (**) we have

$$\gcd(a, b) = p_1^{\min(a_1, b_1)} p_2^{\min(a_2, b_2)} \cdots p_k^{\min(a_k, b_k)}.$$

This gives one way to calculate the gcd provided you can factor both numbers. But generally speaking factorization is very difficult! On the other hand, the Euclidean algorithm is relatively fast.

Exercise 11.1. Find the prime factorizations of 1147 and 1716 by trying all primes $p \le \sqrt{1147}$ ($p \le \sqrt{1716}$) in succession.

Chapter 12

Fermat Primes and Mersenne Primes

Finding large primes and proving that they are indeed prime is not easy. One way to find large primes is to look at numbers that have some special form, for example, numbers of the form $a^n + 1$ or $a^n - 1$. It is easy to rule out some values of $a$ and $n$. For example we have:

Theorem 12.1. Let $a > 1$ and $n > 1$. Then

(1) $a^n - 1$ is prime $\Rightarrow$ $a = 2$ and $n$ is prime

(2) $a^n + 1$ is prime $\Rightarrow$ $a$ is even and $n = 2^k$ for some $k \ge 1$.

Proof of (1). We know from Exercise 2.5, page 6, that

$$(*) \qquad a^n - 1 = (a - 1)(a^{n-1} + \cdots + a + 1)$$

Note that if $a > 2$ and $n > 1$ then $a - 1 > 1$ and $a^{n-1} + \cdots + a + 1 \ge a + 1 > 3$ so both factors in (*) are $> 1$ and $a^n - 1$ is not prime. Hence if $a^n - 1$ is prime we must have $a = 2$. Now suppose $2^n - 1$ is prime. We claim that $n$ is prime. If not $n = st$ where $1 < s < n$, $1 < t < n$. Then

$$2^n - 1 = 2^{st} - 1 = (2^s)^t - 1$$

is prime. But we just showed that if $a^n - 1$ is prime we must have $a = 2$. So we must have $2^s = 2$. Hence $s = 1$, $t = n$. So $n$ is not composite. Hence $n$ must be prime. This proves (1). □

Proof of (2). From (*) on p. 43 we have

$$(*) \qquad a^n - 1 = (a - 1)(a^{n-1} + a^{n-2} + \cdots + a + 1).$$

Replace $a$ by $-a$ in (*) and we get

$$(**) \qquad (-a)^n - 1 = (-a - 1)\left((-a)^{n-1} + (-a)^{n-2} + \cdots + (-a) + 1\right)$$

Since $n$ is odd, $n - 1$ is even, $n - 2$ is odd, $\ldots$, etc., we have $(-a)^n = -a^n$, $(-a)^{n-1} = a^{n-1}$, $(-a)^{n-2} = -a^{n-2}$, $\ldots$, etc. So (**) yields

$$-(a^n + 1) = -(a + 1)\left(a^{n-1} - a^{n-2} + \cdots - a + 1\right).$$

Multiplying both sides by $-1$ we get

$$(a^n + 1) = (a + 1)(a^{n-1} - a^{n-2} + \cdots - a + 1)$$

when $n$ is odd. If $n \ge 2$ we have $1 < a + 1 < a^n + 1$. This shows that if $n$ is odd and $a > 1$, $a^n + 1$ is not prime. Suppose $n = 2^s t$ where $t$ is odd. Then if $a^n + 1$ is prime we have $(a^{2^s})^t + 1$ is prime. But by what we just showed this cannot be prime if $t$ is odd and $t \ge 2$. So we must have $t = 1$ and $n = 2^s$. Also $a^n + 1$ prime implies that $a$ is even since if $a$ is odd so is $a^n$. Then $a^n + 1$ would be even. The only even prime is 2. But since we assume $a > 1$ we have $a \ge 2$ so $a^n + 1 \ge 3$. □

Definition 12.1. A number of the form $M_n = 2^n - 1$, $n \ge 2$, is said to be a Mersenne number. If $M_n$ is prime, it is called a Mersenne prime. A number of the form $F_n = 2^{(2^n)} + 1$, $n \ge 0$, is called a Fermat number. If $F_n$ is prime, it is called a Fermat prime.

One may prove that $F_0 = 3$, $F_1 = 5$, $F_2 = 17$, $F_3 = 257$ and $F_4 = 65537$ are primes. As $n$ increases the numbers $F_n = 2^{(2^n)} + 1$ increase in size very rapidly, and are not easy to check for primality. It is known that $F_n$ is composite for many values of $n \ge 5$. This includes all $n$ such that $5 \le n \le 30$ and a large number of other values of $n$ including 382447 (the largest one I know of). It is now conjectured that $F_n$ is composite for $n \ge 5$. So Fermat's original thought that $F_n$ is prime for $n \ge 0$ seems to be pretty far from reality.

Exercise 12.1. Use Maple to factor $F_5$. [Go to any campus computer lab. Click or double-click on the Maple icon, or ask the lab assistant where it is located. When the window comes up, type at the prompt > the following:

> ifactor(2^32 + 1);

Hit the return key and you will get the answer.]

$M_3 = 2^3 - 1 = 7$ is a Mersenne prime and $M_4 = 2^4 - 1 = 15$ is a Mersenne number which is not a prime. At first it was thought that $M_p = 2^p - 1$ is prime whenever $p$ is prime. But $M_{11} = 2^{11} - 1 = 2047 = 23 \cdot 89$ is not prime.

Over the years people have continued to work on the problem of determining for which primes $p$, $M_p = 2^p - 1$ is prime. To date 39 Mersenne primes have been found. It is known that $2^p - 1$ is prime if $p$ is one of the following 39 primes 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281, 3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497, 86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269, 2976221, 3021377, 6972593, 13466917.

The largest one, $M_{13466917} = 2^{13466917} - 1$, was found on November 14, 2001. The decimal representation of this number has 4,053,946 digits. It was found by the team of Michael Cameron, George Woltman, Scott Kurowski et al, as a part of the Great Internet Mersenne Prime Search (GIMPS), see Chris Caldwell's page for more about this. This prime could be the 39th Mersenne prime (in order of size), but we will only know this for sure when GIMPS completes testing all exponents below this one. You can find the link to Chris Caldwell's page on the class syllabus on my homepage. Later we show the connection between Mersenne primes and perfect numbers.

Lemma 12.1. If $M_n$ is prime, then $n$ is prime.

Proof. This is immediate from Theorem 12.1 (1). □

The most basic question about Mersenne primes is: Are there infinitely many Mersenne primes?

Exercise 12.2. Determine which Mersenne numbers $M_n$ are prime when $2 \le n \le 12$. You may use Maple for this exercise. The Maple command for determining whether or not an integer $n$ is prime is

isprime(n);

The following primality test for Mersenne numbers makes it easier to check whether or not $M_p$ is prime when $p$ is a large prime.

Theorem 12.2 (The Lucas-Lehmer Mersenne Prime Test). Let $p$ be an odd prime. Define the sequence

$$r_1, r_2, r_3, \ldots, r_{p-1}$$

by the rules

$$r_1 = 4$$

and for $k \ge 2$,

$$r_k = (r_{k-1}^2 - 2) \bmod M_p.$$

Then $M_p$ is prime if and only if $r_{p-1} = 0$.

[The proof of this is not easy. One place to find a proof is the book "A Selection of Problems in the Theory of Numbers" by W. Sierpinski, Pergamon Press, 1964.]

Example 12.1. Let $p = 5$. Then $M_p = M_5 = 31$.

$$\begin{aligned}
r_1 &= 4 \\
r_2 &= (4^2 - 2) \bmod 31 = 14 \bmod 31 = 14 \\
r_3 &= (14^2 - 2) \bmod 31 = 194 \bmod 31 = 8 \\
r_4 &= (8^2 - 2) \bmod 31 = 62 \bmod 31 = 0.
\end{aligned}$$

Hence by the Lucas-Lehmer test, $M_5 = 31$ is prime.

Exercise 12.3. Show using the Lucas-Lehmer test that $M_7 = 127$ is prime.

Remark 12.1. Note that the Lucas-Lehmer test for $M_p = 2^p - 1$ takes only $p - 1$ steps. On the other hand, if one attempts to prove $M_p$ prime by testing all primes $\le \sqrt{M_p}$ one must consider about $2^{p/2}$ steps. This is MUCH larger than $p$ in general.
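The Lucas-Lehmer test of Theorem 12.2 is short enough to run directly. The following is an added example, not part of the original text; the function names are assumptions, and the odd-prime check on $p$ uses trial division up to $\sqrt{p}$ as in Theorem 10.2.

```python
def is_odd_prime(p):
    """Trial division by 2 and by odd d with d*d <= p (enough by Theorem 10.2)."""
    if p < 3 or p % 2 == 0:
        return False
    d = 3
    while d * d <= p:
        if p % d == 0:
            return False
        d += 2
    return True


def lucas_lehmer_sequence(p):
    """Return [r_1, ..., r_{p-1}] with r_1 = 4, r_k = (r_{k-1}^2 - 2) mod M_p."""
    if not is_odd_prime(p):
        raise ValueError("Theorem 12.2 is stated for odd primes p")
    m = (1 << p) - 1  # M_p = 2^p - 1
    seq = [4]
    for _ in range(2, p):  # k = 2, ..., p - 1
        seq.append((seq[-1] ** 2 - 2) % m)
    return seq


def mersenne_is_prime(p):
    """True iff M_p is prime, for an odd prime p; keeps only the last r_k."""
    if not is_odd_prime(p):
        raise ValueError("Theorem 12.2 is stated for odd primes p")
    m = (1 << p) - 1
    r = 4
    for _ in range(p - 2):  # p - 2 updates take r_1 to r_{p-1}
        r = (r * r - 2) % m
    return r == 0


def mersenne_prime_exponents(limit):
    """Odd primes p <= limit for which the test reports M_p prime."""
    return [p for p in range(3, limit + 1)
            if is_odd_prime(p) and mersenne_is_prime(p)]


if __name__ == "__main__":
    print(lucas_lehmer_sequence(5))       # the sequence of Example 12.1
    print(mersenne_is_prime(11))          # M_11 = 2047 = 23 * 89
    print(mersenne_prime_exponents(700))  # compare with the list of 39 exponents
```

The exponent 2 in the chapter's list does not appear in the output because the theorem, and so this code, covers odd primes only.
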



Chapter 13 

The Functions $\sigma$ and $\tau$



Definition 13.1. For $n > 0$ define:

$\tau(n)$ = the number of positive divisors of $n$,
$\sigma(n)$ = the sum of the positive divisors of $n$.

Example 13.1. $12 = 3 \cdot 2^2$ has positive divisors

1, 2, 3, 4, 6, 12.

Hence

$$\tau(12) = 6$$

and

$$\sigma(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.$$

Definition 13.2. A positive divisor $d$ of $n$ is said to be a proper divisor of $n$ if $d < n$. We denote the sum of all proper divisors of $n$ by $\sigma^*(n)$.

Note that if $n \ge 2$ then

$$\sigma^*(n) = \sigma(n) - n.$$

Example 13.2. $\sigma^*(12) = 16$.

Definition 13.3. $n > 1$ is perfect if $\sigma^*(n) = n$.

Example 13.3. The proper divisors of 6 are 1, 2 and 3. So $\sigma^*(6) = 6$. Therefore 6 is perfect.

Exercise 13.1. Prove that 28 is perfect.

The next theorem shows a simple way to compute $\sigma(n)$ and $\tau(n)$ from the prime factorization of $n$.

Theorem 13.1. Let

$$n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}, \quad r \ge 1,$$

where $p_1 < p_2 < \cdots < p_r$ are primes and $e_i > 0$ for each $i \in \{1, 2, \ldots, r\}$. Then

(1) $\tau(n) = (e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$

(2) $\sigma(n) = \left(\dfrac{p_1^{e_1+1} - 1}{p_1 - 1}\right)\left(\dfrac{p_2^{e_2+1} - 1}{p_2 - 1}\right) \cdots \left(\dfrac{p_r^{e_r+1} - 1}{p_r - 1}\right)$

Before proving this let's look at an example. Take $n = 72 = 8 \cdot 9 = 2^3 \cdot 3^2$. The theorem says

$$\tau(72) = (3 + 1)(2 + 1) = 12$$

$$\sigma(72) = \left(\frac{2^4 - 1}{2 - 1}\right)\left(\frac{3^3 - 1}{3 - 1}\right) = 15 \cdot 13 = 195.$$

[Proof of Theorem 13.1 (1)] From the Fundamental Theorem of Arithmetic every positive factor $d$ of $n$ will have its prime factors coming from those of $n$. Hence $d \mid n$ iff $d = p_1^{f_1} p_2^{f_2} \cdots p_r^{f_r}$ where for each $i$:

$$0 \le f_i \le e_i.$$

That is, for each $f_i$ we can choose a value in the set of $e_i + 1$ numbers $\{0, 1, 2, \ldots, e_i\}$. So, in all, there are $(e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$ choices for the exponents $f_1, f_2, \ldots, f_r$. So (1) holds.

[Proof of (2)] We first establish two lemmas.
[Proof of (2)] We first establish two lemmas. 

Lemma 13.1. Let $n = ab$ where $a > 0$, $b > 0$ and $\gcd(a, b) = 1$. Then $\sigma(n) = \sigma(a)\sigma(b)$.

Proof. Since $a$ and $b$ have only 1 as a common factor, using the Fundamental Theorem of Arithmetic it is easy to see that $d \mid ab \iff d = d_1 d_2$ where $d_1 \mid a$ and $d_2 \mid b$. That is, the divisors of $ab$ are products of the divisors of $a$ and the divisors of $b$. Let

$$1, a_1, \ldots, a_s$$

denote the divisors of $a$ and let

$$1, b_1, \ldots, b_t$$

denote the divisors of $b$. Then

$$\sigma(a) = 1 + a_1 + a_2 + \cdots + a_s,$$

$$\sigma(b) = 1 + b_1 + b_2 + \cdots + b_t.$$

The divisors of $n = ab$ can be listed as follows

$$\begin{array}{l}
1,\ b_1,\ b_2,\ \ldots,\ b_t, \\
a_1 \cdot 1,\ a_1 \cdot b_1,\ a_1 \cdot b_2,\ \ldots,\ a_1 \cdot b_t, \\
a_2 \cdot 1,\ a_2 \cdot b_1,\ a_2 \cdot b_2,\ \ldots,\ a_2 \cdot b_t, \\
\quad\vdots \\
a_s \cdot 1,\ a_s \cdot b_1,\ a_s \cdot b_2,\ \ldots,\ a_s \cdot b_t.
\end{array}$$

It is important to note that since $\gcd(a, b) = 1$, $a_i b_j = a_k b_\ell$ implies that $a_i = a_k$ and $b_j = b_\ell$. That is there are no repetitions in the above array. If we sum each row we get

$$\begin{aligned}
1 + b_1 + \cdots + b_t &= \sigma(b) \\
a_1 \cdot 1 + a_1 b_1 + \cdots + a_1 b_t &= a_1 \sigma(b) \\
&\ \ \vdots \\
a_s \cdot 1 + a_s b_1 + \cdots + a_s b_t &= a_s \sigma(b).
\end{aligned}$$

By adding these partial sums together we get

$$\begin{aligned}
\sigma(n) &= \sigma(b) + a_1 \sigma(b) + a_2 \sigma(b) + \cdots + a_s \sigma(b) \\
          &= (1 + a_1 + a_2 + \cdots + a_s)\sigma(b) \\
          &= \sigma(a)\sigma(b).
\end{aligned}$$

This proves the lemma. □

Lemma 13.2. If $p$ is a prime and $k > 0$ we have

$$\sigma(p^k) = \frac{p^{k+1} - 1}{p - 1}.$$

Proof. Since $p$ is prime, the divisors of $p^k$ are $1, p, p^2, \ldots, p^k$. Hence

$$\sigma(p^k) = 1 + p + p^2 + \cdots + p^k = \frac{p^{k+1} - 1}{p - 1}$$

as desired. □

Proof of Theorem 13.1 (2) (continued). Let $n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}$. Our proof is by induction on $r$. If $r = 1$, $n = p_1^{e_1}$ and the result follows from Lemma 13.2. Suppose the result is true when $1 \le r \le k$. Consider now the case $r = k + 1$. That is, let

$$n = p_1^{e_1} \cdots p_k^{e_k} p_{k+1}^{e_{k+1}}$$

where the primes $p_1, \ldots, p_k, p_{k+1}$ are distinct and $e_i > 0$. Let $a = p_1^{e_1} \cdots p_k^{e_k}$, $b = p_{k+1}^{e_{k+1}}$. Clearly $\gcd(a, b) = 1$. So by Lemma 13.1 we have $\sigma(n) = \sigma(a)\sigma(b)$. By the induction hypothesis

$$\sigma(a) = \left(\frac{p_1^{e_1+1} - 1}{p_1 - 1}\right) \cdots \left(\frac{p_k^{e_k+1} - 1}{p_k - 1}\right)$$

and by Lemma 13.2

$$\sigma(b) = \frac{p_{k+1}^{e_{k+1}+1} - 1}{p_{k+1} - 1}$$

and it follows that

$$\sigma(n) = \left(\frac{p_1^{e_1+1} - 1}{p_1 - 1}\right) \cdots \left(\frac{p_{k+1}^{e_{k+1}+1} - 1}{p_{k+1} - 1}\right).$$

So the result holds for $r = k + 1$. By PMI it holds for $r \ge 1$. □
Exercise 13.2. Find $\sigma(n)$ and $\tau(n)$ for the following values of $n$.

(1) n = 900

(2) n = 496

(3) n = 32

(4) n = 128

(5) n = 1024

Exercise 13.3. Determine which (if any) of the numbers in Exercise 13.2 are perfect.

Exercise 13.4. Does Lemma 13.1 hold if we replace $\sigma$ by $\sigma^*$? [Hint: The answer is no, but find explicit numbers $a$ and $b$ such that the result fails yet $\gcd(a, b) = 1$.]

Chapter 14

Perfect Numbers and Mersenne Primes

If you do a search for perfect numbers up to 10,000 you will find only the following perfect numbers:

$$\begin{aligned}
6 &= 2 \cdot 3, \\
28 &= 2^2 \cdot 7, \\
496 &= 2^4 \cdot 31, \\
8128 &= 2^6 \cdot 127.
\end{aligned}$$

Note that $2^2 = 4$, $2^3 = 8$, $2^5 = 32$, $2^7 = 128$ so we have:

$$\begin{aligned}
6 &= 2 \cdot (2^2 - 1), \\
28 &= 2^2 \cdot (2^3 - 1), \\
496 &= 2^4 \cdot (2^5 - 1), \\
8128 &= 2^6 \cdot (2^7 - 1).
\end{aligned}$$

Note also that $2^2 - 1$, $2^3 - 1$, $2^5 - 1$, $2^7 - 1$ are Mersenne primes. One might conjecture that all perfect numbers follow this pattern. We discuss to what extent this is known to be true. We start with the following result.

Theorem 14.1. If $2^p - 1$ is a Mersenne prime, then $2^{p-1} \cdot (2^p - 1)$ is perfect.

Proof. Write $q = 2^p - 1$ and let $n = 2^{p-1} q$. Since $q$ is odd and prime, by Theorem 13.1 (2) we have

$$\sigma(n) = \sigma(2^{p-1} q) = \left(\frac{2^p - 1}{2 - 1}\right)\left(\frac{q^2 - 1}{q - 1}\right) = (2^p - 1)(q + 1) = (2^p - 1)2^p = 2n.$$

That is, $\sigma(n) = 2n$ and $n$ is perfect. □

Now we show that all even perfect numbers have the conjectured form.

Theorem 14.2. If $n$ is even and perfect then there is a Mersenne prime $2^p - 1$ such that $n = 2^{p-1}(2^p - 1)$.

Proof. Let $n$ be even and perfect. Since $n$ is even, $n = 2m$ for some $m$. We take out as many powers of 2 as possible obtaining

$$(*) \qquad n = 2^k \cdot q, \quad k \ge 1, \quad q \text{ odd}.$$

Since $n$ is perfect $\sigma^*(n) = n$, that is, $\sigma(n) = 2n$. Since $q$ is odd, $\gcd(2^k, q) = 1$, so by Lemmas 13.1 and 13.2:

$$\sigma(n) = \sigma(2^k)\sigma(q) = (2^{k+1} - 1)\sigma(q).$$

So we have

$$2^{k+1} q = 2n = \sigma(n) = (2^{k+1} - 1)\sigma(q),$$

hence

$$(**) \qquad 2^{k+1} q = (2^{k+1} - 1)\sigma(q).$$

Now $\sigma^*(q) = \sigma(q) - q$, so

$$\sigma(q) = \sigma^*(q) + q.$$

Putting this in (**) we get

$$2^{k+1} q = (2^{k+1} - 1)(\sigma^*(q) + q)$$

or

$$2^{k+1} q = (2^{k+1} - 1)\sigma^*(q) + 2^{k+1} q - q$$

which implies

$$(***) \qquad \sigma^*(q)(2^{k+1} - 1) = q.$$

In other words, $\sigma^*(q)$ is a divisor of $q$. Since $k \ge 1$ we have $2^{k+1} - 1 \ge 4 - 1 = 3$. So $\sigma^*(q)$ is a proper divisor of $q$. But $\sigma^*(q)$ is the sum of all proper divisors of $q$. This can only happen if $q$ has only one proper divisor. This means that $q$ must be prime and $\sigma^*(q) = 1$. Then (***) shows that $q = 2^{k+1} - 1$. So $q$ must be a Mersenne prime and $k + 1 = p$ is prime. So $n = 2^{p-1} \cdot (2^p - 1)$, as desired. □

Corollary 14.1. There is a 1-1 correspondence between even perfect numbers and Mersenne primes.
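The formulas of Theorem 13.1, the gcd formula of Remark 11.2 and the search for perfect numbers up to 10,000 can all be checked from one trial-division factorization. The following is an added example, not part of the original text; every function name is an assumption made here.

```python
from math import prod


def factorize(n):
    """Prime factorization of n >= 1 as {p: e}, by trial division.

    Only divisors d with d*d <= n are tried (Theorem 10.2); whatever is left
    above 1 at the end is itself prime.
    """
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def tau(n):
    """Number of positive divisors: (e_1 + 1)(e_2 + 1)...(e_r + 1)."""
    return prod(e + 1 for e in factorize(n).values())


def sigma(n):
    """Sum of positive divisors: product of (p^(e+1) - 1)/(p - 1)."""
    return prod((p ** (e + 1) - 1) // (p - 1) for p, e in factorize(n).items())


def sigma_star(n):
    """Sum of the proper divisors of n."""
    return sigma(n) - n


def is_perfect(n):
    return n > 1 and sigma_star(n) == n


def gcd_by_factoring(a, b):
    """gcd via Remark 11.2: each common prime to the smaller exponent."""
    fa, fb = factorize(a), factorize(b)
    return prod(p ** min(e, fb.get(p, 0)) for p, e in fa.items())


def even_perfect(p):
    """2^(p-1) * (2^p - 1) when 2^p - 1 is prime (Theorem 14.1), else None."""
    q = 2 ** p - 1
    if factorize(q) != {q: 1}:
        return None
    return 2 ** (p - 1) * q


if __name__ == "__main__":
    print(factorize(600), tau(72), sigma(72))
    print(gcd_by_factoring(600, 252))
    print([n for n in range(2, 10001) if is_perfect(n)])
    print([even_perfect(p) for p in (2, 3, 5, 7, 11)])
```
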

Three Open Questions: 

1. Are there infinitely many even perfect numbers? 

2. Are there infinitely many Mersenne primes? 

3. Are there any odd perfect numbers? 

So far no one has found a single odd perfect number. It is known that if an odd perfect number exists, it must be $> 10^{50}$.

Remark 14.1. Some think that Euclid's knowledge that $2^{p-1}(2^p - 1)$ is perfect when $2^p - 1$ is prime may have been his motivation for defining prime numbers.

Chapter 15
Congruences



Definition 15.1. Let $m \ge 0$. We write $a \equiv b \pmod{m}$ if $m \mid a - b$, and we say that $a$ is congruent to $b$ modulo $m$. Here $m$ is said to be the modulus of the congruence. The notation $a \not\equiv b \pmod{m}$ means that it is false that $a \equiv b \pmod{m}$.

Examples 15.1.

(1) $25 \equiv 1 \pmod{4}$ since $4 \mid 24$

(2) $25 \not\equiv 2 \pmod{4}$ since $4 \nmid 23$

(3) $1 \equiv -3 \pmod{4}$ since $4 \mid 4$

(4) $a \equiv b \pmod{1}$ for all $a$, $b$ since "1 divides everything."

(5) $a \equiv b \pmod{0} \iff a = b$ for all $a$, $b$ since "0 divides only 0."

Remark 15.1. As you see, the cases $m = 1$ and $m = 0$ are not very interesting so mostly we will only be interested in the case $m \ge 2$.

WARNING. Do not confuse the use of mod in Definition 15.1 with that of Definition 5.3. We shall see that the two uses of mod are related, but have different meanings: Recall

$a \bmod b = r$ where $r$ is the remainder given by the Division Algorithm when $a$ is divided by $b$

and by Definition 15.1

$a \equiv b \pmod{m}$ means $m \mid a - b$.

Example 15.2.

$$25 \equiv 5 \pmod{4} \text{ is true},$$

since $4 \mid 20$ but

$$25 = 5 \bmod 4 \text{ is false},$$

since the latter means $25 = 1$.

Remark 15.2. The mod in $a \equiv b \pmod{m}$ defines a binary relation, whereas the mod in $a \bmod b$ is a binary operation.


More terminology: Expressions such as

$$\begin{aligned}
x &= 2 \\
4^2 &= 16 \\
x^2 + 2x &= \sin(x) + 3
\end{aligned}$$

are called equations. By analogy, expressions such as

$$\begin{aligned}
x &\equiv 2 \pmod{16} \\
25 &\equiv 5 \pmod{5} \\
x^3 + 2x &\equiv 6x^2 + 3 \pmod{27}
\end{aligned}$$

are called congruences. Before discussing further the analogy between equations and congruences, we show the relationship between the two different definitions of mod.

Theorem 15.1. For $m > 0$ and for all a, b:

$$a \equiv b \pmod{m} \iff a \bmod m = b \bmod m.$$

Proof. "$\Rightarrow$" Assume that $a \equiv b \pmod{m}$. Let $r_1 = a \bmod m$ and
$r_2 = b \bmod m$. We want to show that $r_1 = r_2$. By definition we have

(1) $m \mid a - b$,

(2) $a = mq_1 + r_1$, $0 \le r_1 < m$, and

(3) $b = mq_2 + r_2$, $0 \le r_2 < m$.

From (1) we obtain

$$a - b = mt$$

for some t. Hence

$$a = mt + b.$$

Using (2) and (3) we see that

$$a = mq_1 + r_1 = m(q_2 + t) + r_2.$$

Since $0 \le r_1 < m$ and $0 \le r_2 < m$, by the uniqueness part of the Division
Algorithm we obtain $r_1 = r_2$, as desired.

"$\Leftarrow$" Assume that $a \bmod m = b \bmod m$. We must show that
$a \equiv b \pmod{m}$. Let $r = a \bmod m = b \bmod m$, then by definition we have

$$a = mq_1 + r, \quad 0 \le r < m,$$

and

$$b = mq_2 + r, \quad 0 \le r < m.$$

Hence

$$a - b = m(q_1 - q_2).$$

This shows that $m \mid a - b$ and hence $a \equiv b \pmod{m}$, as desired. □

Exercise 15.1. Prove that for all $m > 0$ and for all a:

$$a \equiv a \bmod m \pmod{m}.$$

Exercise 15.2. Using Definition 15.1 show that the following congruences
are true

$385 \equiv 322 \pmod{3}$
$-385 \equiv -322 \pmod{3}$
$1 \equiv -17 \pmod{3}$
$33 \equiv 0 \pmod{3}$.

Exercise 15.3. Use Theorem 15.1 to show that the congruences in Exercise
15.2 are valid.

Exercise 15.4. (a) Show that a is even $\iff a \equiv 0 \pmod{2}$ and a is odd
$\iff a \equiv 1 \pmod{2}$. (b) Show that a is even $\iff a \bmod 2 = 0$ and a is odd
$\iff a \bmod 2 = 1$.

Exercise 15.5. Show that if $m > 0$ and a is any integer, there is a unique
integer $r \in \{0, 1, 2, \dots, m-1\}$ such that $a \equiv r \pmod{m}$.

Exercise 15.6. Find integers a and b such that $0 < a < 15$, $0 < b < 15$ and
$ab \equiv 0 \pmod{15}$.

Exercise 15.7. Find integers a and b such that $1 < a < 15$, $1 < b < 15$, and
$ab \equiv 1 \pmod{15}$.

Exercise 15.8. Show that if $d \mid m$ and $d > 0$, then

$$a \equiv b \pmod{m} \Rightarrow a \equiv b \pmod{d}.$$

The next two theorems show that congruences and equations share many
similar properties.

Theorem 15.2 (Congruence is an equivalence relation). For all a, b,
c and $m > 0$ we have

(1) $a \equiv a \pmod{m}$ [reflexivity]

(2) $a \equiv b \pmod{m} \Rightarrow b \equiv a \pmod{m}$ [symmetry]

(3) $a \equiv b \pmod{m}$ and $b \equiv c \pmod{m} \Rightarrow a \equiv c \pmod{m}$ [transitivity]

Proof of (1). $a - a = 0 = 0 \cdot m$, so $m \mid a - a$. Hence $a \equiv a \pmod{m}$. □

Proof of (2). If $a \equiv b \pmod{m}$, then $m \mid a - b$. Hence $a - b = mq$. Hence
$b - a = m(-q)$, so $m \mid b - a$. Hence $b \equiv a \pmod{m}$. □

Proof of (3). If $a \equiv b \pmod{m}$ and $b \equiv c \pmod{m}$ then $m \mid a - b$ and
$m \mid b - c$. By the linearity property $m \mid (a - b) + (b - c)$. That is, $m \mid a - c$.
Hence $a \equiv c \pmod{m}$. □

Recall that a polynomial is an expression of the form

$$f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0.$$

Here we will assume that the coefficients $a_n, \dots, a_0$ are integers and x also
represents an integer variable. Here, of course, $n \ge 0$ and n is an integer.

Theorem 15.3. If $a \equiv b \pmod{m}$ and $c \equiv d \pmod{m}$, then

(1) $a \pm c \equiv b \pm d \pmod{m}$

(2) $ac \equiv bd \pmod{m}$

(3) $a^n \equiv b^n \pmod{m}$ for all $n \ge 1$

(4) $f(a) \equiv f(b) \pmod{m}$ for all polynomials f(x) with integer coefficients.

Proof of (1). To prove (1), since $a - c = a + (-c)$, it suffices to prove only
the "+ case." By assumption $m \mid a - b$ and $m \mid c - d$. By linearity,
$m \mid (a - b) + (c - d)$, that is $m \mid (a + c) - (b + d)$. Hence

$$a + c \equiv b + d \pmod{m}.$$

□

Proof of (2). Since $m \mid a - b$ and $m \mid c - d$, by linearity

$$m \mid c(a - b) + b(c - d).$$

Now $c(a - b) + b(c - d) = ca - bd$, hence

$$m \mid ca - bd,$$

and so $ca \equiv bd \pmod{m}$, as desired. □

Proof of (3). We prove $a^n \equiv b^n \pmod{m}$ by induction on n. If $n = 1$, the
result is true by our assumption that $a \equiv b \pmod{m}$. Assume it holds for
$n = k$. Then we have $a^k \equiv b^k \pmod{m}$. This, together with $a \equiv b \pmod{m}$
using (2) above, gives $a a^k \equiv b b^k \pmod{m}$. Hence $a^{k+1} \equiv b^{k+1} \pmod{m}$. So
it holds for all $n \ge 1$, by the PMI. □

Proof of (4). Let $f(x) = c_n x^n + \cdots + c_1 x + c_0$. We prove by induction on n
that if $a \equiv b \pmod{m}$ then

$$c_n a^n + \cdots + c_0 \equiv c_n b^n + \cdots + c_0 \pmod{m}.$$

If $n = 0$ we have $c_0 \equiv c_0 \pmod{m}$ by Theorem 15.2 (1). Assume the result
holds for $n = k$. Then we have

$$(*) \quad c_k a^k + \cdots + c_1 a + c_0 \equiv c_k b^k + \cdots + c_1 b + c_0 \pmod{m}.$$

By part (3) above we have $a^{k+1} \equiv b^{k+1} \pmod{m}$. Since $c_{k+1} \equiv c_{k+1} \pmod{m}$,
using (2) above we have

$$(**) \quad c_{k+1} a^{k+1} \equiv c_{k+1} b^{k+1} \pmod{m}.$$

Now we can apply Theorem 15.3 (1) to (*) and (**) to obtain

$$c_{k+1} a^{k+1} + c_k a^k + \cdots + c_0 \equiv c_{k+1} b^{k+1} + c_k b^k + \cdots + c_0 \pmod{m}.$$

So by the PMI, the result holds for $n \ge 0$. □

Before continuing to develop properties of congruences, we give the following
example to show one way that congruences can be useful.

Example 15.3. (This example was taken from [1] Introduction to Analytic
Number Theory, by Tom Apostol.)
The first five Fermat numbers

$$F_0 = 3, \; F_1 = 5, \; F_2 = 17, \; F_3 = 257, \; F_4 = 65{,}537$$

are primes. We show using congruences, without explicitly calculating $F_5$, that
$F_5 = 2^{32} + 1$ is divisible by 641 and is therefore not prime:

$2^2 = 4$
$2^4 = (2^2)^2 = 4^2 = 16$
$2^8 = (2^4)^2 = 16^2 = 256$
$2^{16} = (2^8)^2 = 256^2 = 65{,}536$

$65{,}536 \equiv 154 \pmod{641}$.

So we have

$$2^{16} \equiv 154 \pmod{641}.$$

By Theorem 15.3 (3):

$$(2^{16})^2 \equiv (154)^2 \pmod{641}.$$

That is,

$$2^{32} \equiv 23{,}716 \pmod{641}.$$

Since

$$23{,}716 \equiv 640 \pmod{641}$$

and

$$640 \equiv -1 \pmod{641}$$

we have

$$2^{32} \equiv -1 \pmod{641}$$

and hence

$$2^{32} + 1 \equiv 0 \pmod{641}.$$

So $641 \mid 2^{32} + 1$, as claimed. Clearly $2^{32} + 1 \ne 641$, so $2^{32} + 1$ is composite. Of
course, if you already did Exercise 12.1 (p. 44) you will already know that

$$2^{32} + 1 = 4{,}294{,}967{,}297 = (641) \cdot (6{,}700{,}417)$$

and that 641 and 6,700,417 are indeed primes. Note that 641 is the 116th
prime, so if you used trial division you would have had to divide by 115
primes before reaching one that divides $2^{32} + 1$, and that assumes that you
have a list of the first 116 primes.
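The repeated squaring of Example 15.3 extends to any exponent by also multiplying in the squares selected by the binary digits of the exponent (square-and-multiply), the routine behind modular exponentiation in cryptographic code. The sketch below is an added example, not part of the original text; the function names are chosen here for illustration.

```python
def squaring_chain(base, k, m):
    """Return [base^(2^0) mod m, base^(2^1) mod m, ..., base^(2^k) mod m].

    Each entry is the square of the previous one, reduced mod m. Reducing
    at every step is justified by Theorem 15.3 (3) and Theorem 15.4.
    """
    chain = [base % m]
    for _ in range(k):
        chain.append(chain[-1] * chain[-1] % m)
    return chain


def power_mod(base, exponent, m):
    """Compute base^exponent mod m by square-and-multiply (m > 0, exponent >= 0)."""
    if m <= 0 or exponent < 0:
        raise ValueError("need m > 0 and exponent >= 0")
    result = 1 % m              # 1 % 1 == 0 covers the modulus m = 1
    square = base % m           # holds base^(2^i) mod m at bit position i
    while exponent > 0:
        if exponent & 1:        # this power of two occurs in the exponent
            result = result * square % m
        square = square * square % m
        exponent >>= 1
    return result


def fermat_number_divisible(n, d):
    """True if d divides F_n = 2^(2^n) + 1, decided without ever forming F_n."""
    return (squaring_chain(2, n, d)[-1] + 1) % d == 0


if __name__ == "__main__":
    # The chain of Example 15.3: 2, 2^2, 2^4, 2^8, 2^16, 2^32 reduced mod 641.
    print(squaring_chain(2, 5, 641))
    print(fermat_number_divisible(5, 641))
```

No intermediate value ever exceeds the square of the modulus, which is why the method stays practical for exponents with hundreds of digits.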

Theorem 15.4. If $m > 0$ and

$$a \equiv r \pmod{m} \text{ where } 0 \le r < m$$

then $a \bmod m = r$.

Exercise 15.9. Prove Theorem 15.4. [Hint: The Division Algorithm may
be useful.]

Exercise 15.10. Find the value of each of the following [without using
Maple].

(1) $2^{32} \bmod 7$

(2) $10^{35} \bmod 7$

(3) $3^{35} \bmod 7$

[Hint: Use Theorem 15.4 and the ideas used in the example on page 62.]

Exercise 15.11. Let $\gcd(m_1, m_2) = 1$. Prove that

(15.1) $a \equiv b \pmod{m_1}$ and $a \equiv b \pmod{m_2}$

if and only if

(15.2) $a \equiv b \pmod{m_1 m_2}$.

[Hint. Use Lemma 11.1, page 38.]

Chapter 16

Divisibility Tests for 2, 3, 5, 9, 11 



Recall from Definition 4.2 on page 14 that the decimal representation of the
positive integer a is given by

$$a = a_{n-1}10^{n-1} + a_{n-2}10^{n-2} + \cdots + a_1 10 + a_0 \qquad (1)$$

and $0 \le a_i \le 9$ for $i = 0, 1, \dots, n-1$.

Theorem 16.1. Let the decimal representation of a be given by (1), then

(a) $a \bmod 2 = a_0 \bmod 2$,

(b) $a \bmod 5 = a_0 \bmod 5$,

(c) $a \bmod 3 = (a_{n-1} + \cdots + a_0) \bmod 3$,

(d) $a \bmod 9 = (a_{n-1} + \cdots + a_0) \bmod 9$,

(e) $a \bmod 11 = (a_0 - a_1 + a_2 - a_3 + \cdots) \bmod 11$.

Before proving this theorem, let's give some examples.

$1457 \bmod 2 = 7 \bmod 2 = 1$

$1457 \bmod 5 = 7 \bmod 5 = 2$

$1457 \bmod 3 = (1 + 4 + 5 + 7) \bmod 3 = 17 \bmod 3 = 8 \bmod 3 = 2$

$1457 \bmod 9 = (1 + 4 + 5 + 7) \bmod 9 = 17 \bmod 9 = 8 \bmod 9 = 8$

$1457 \bmod 11 = (7 - 5 + 4 - 1) \bmod 11 = 5 \bmod 11 = 5$.



Proof of Theorem 16.1. Consider the polynomial

$$f(x) = a_{n-1}x^{n-1} + \cdots + a_1 x + a_0.$$

Note that $10 \equiv 0 \pmod{2}$. So by Theorem 15.3 (4)

$$a_{n-1}10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1}0^{n-1} + \cdots + a_1 0 + a_0 \pmod{2}.$$

That is,

$$a \equiv a_0 \pmod{2}.$$

This, together with Theorem 15.1, proves part (a). Since $10 \equiv 0 \pmod{5}$,
the proof of part (b) is similar.

Note that $10 \equiv 1 \pmod{3}$ so applying Theorem 15.3 (4) again, we have

$$a_{n-1}10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1}1^{n-1} + \cdots + a_1 1 + a_0 \pmod{3}.$$

That is,

$$a \equiv a_{n-1} + \cdots + a_1 + a_0 \pmod{3}.$$

This using Theorem 15.1 proves part (c). Since $10 \equiv 1 \pmod{9}$, the proof
of part (d) is similar.

Now $10 \equiv -1 \pmod{11}$ so

$$a_{n-1}10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1}(-1)^{n-1} + \cdots + a_1(-1) + a_0 \pmod{11}.$$

That is,

$$a \equiv a_0 - a_1 + a_2 - \cdots \pmod{11}$$

and by Theorem 15.1 we are done. □

Remark 16.1. Note that

$$m \mid a \iff a \bmod m = 0,$$

so from Theorem 16.1 we obtain immediately the following corollary.

Corollary 16.1. Let a be given by (1), p. 65. Then

(a) $2 \mid a \iff a_0 = 0, 2, 4, 6$ or $8$

(b) $5 \mid a \iff a_0 = 0$ or $5$

(c) $3 \mid a \iff 3 \mid a_0 + a_1 + \cdots + a_{n-1}$

(d) $9 \mid a \iff 9 \mid a_0 + a_1 + \cdots + a_{n-1}$

(e) $11 \mid a \iff 11 \mid a_0 - a_1 + a_2 - a_3 + \cdots$.

Note that in applying (c), (d) and (e) we can use the fact that

$$(a + m) \bmod m = a \bmod m$$

to "cast out" 3's (for (c)) and 9's (for (d)). Here's an example of "casting
out 9's:"

1487 mod 9 = (1 + 4 + 8 + 7) mod 9
           = (9 + 4 + 7) mod 9
           = (4 + 7) mod 9
           = (2 + 9) mod 9
           = 2 mod 9 = 2.

So 1487 mod 9 = 2.

Note that if $0 \le r < m$ then

$$r \bmod m = r.$$



Exercise 16.1. Let a = 18726132117057. Find a mod m for m = 2, 3, 5, 9
and 11.

Exercise 16.2. Let $a = a_n \cdots a_1 a_0$ be the decimal representation of a. Then
prove

(a) $a \bmod 10 = a_0$.

(b) $a \bmod 100 = a_1 a_0$.

(c) $a \bmod 1000 = a_2 a_1 a_0$.

Exercise 16.3. Prove that if b is a positive square, i.e., $b = a^2$, $a > 0$, then
the least significant digit of b is one of 0, 1, 4, 5, 6, 9. [Hint: $b \bmod 10$ is the
least significant digit of b. Write $a = a_{n-1} \cdots a_0$. Then $a \equiv a_0 \pmod{10}$ so
$a^2 \equiv a_0^2 \pmod{10}$. For each digit $a_0 \in \{0, 1, 2, \dots, 9\}$ find $a_0^2 \bmod 10$. Use
Theorem 15.4, among other results.]

Exercise 16.4. Are any of the following numbers squares? Explain. 



10, 11, 16, 19, 24, 25, 272, 2983, 11007, 1120378 



Chapter 17 

Divisibility Tests for 7 and 13 



Theorem 17.1. Let be the decimal representation of a. 

Then

(a) $7 \mid a \iff 7 \mid a_r \cdots a_1 - 2a_0$.

(b) $13 \mid a \iff 13 \mid a_r \cdots a_1 - 9a_0$.

[Here $a_r \cdots a_1 = \frac{a - a_0}{10} = a_r 10^{r-1} + \cdots + a_2 10 + a_1$.]

Before proving this theorem we illustrate it with two examples.

$7 \mid 2481 \iff 7 \mid 248 - 2$
$\iff 7 \mid 246$
$\iff 7 \mid 24 - 12$
$\iff 7 \mid 12$

since $7 \nmid 12$ we have $7 \nmid 2481$.

$13 \mid 12987 \iff 13 \mid 1298 - 63$
$\iff 13 \mid 1235$
$\iff 13 \mid 123 - 45$
$\iff 13 \mid 78$

since $6 \cdot 13 = 78$, we have $13 \mid 78$. So, by Theorem 17.1 (b), $13 \mid 12987$.

Proof of 17.1 (a). Let $c = a_r \cdots a_1$. So we have $a = 10c + a_0$. Hence
$-2a = -20c - 2a_0$. Now $1 \equiv -20 \pmod{7}$ so we have

$$-2a \equiv c - 2a_0 \pmod{7}.$$

It follows from Theorem 15.1 that

$$-2a \bmod 7 = (c - 2a_0) \bmod 7.$$

Hence, $7 \mid -2a \iff 7 \mid c - 2a_0$. Since $\gcd(7, -2) = 1$ we have $7 \mid -2a \iff 7 \mid a$.
Hence $7 \mid a \iff 7 \mid c - 2a_0$, which is what we wanted to prove. □

Proof of 17.1 (b). (This has a similar proof to that for 17.1 (a) and is left
for the interested reader.) □

Exercise 17.1. Use Theorem 17.1 (a) to determine which of the following
are divisible by 7:

(a) 6994

(b) 6993

Exercise 17.2. In the notation of Theorem 17.1, show that a mod 7 need
not be equal to $(a_r \cdots a_1 - 2a_0) \bmod 7$.
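The digit rules of Theorem 16.1 and the reduction step of Theorem 17.1 can be run mechanically. The sketch below is an added example, not from the original text, with function names chosen here; it also checks the relation used in the proof of 17.1 (a), namely that each reduced value is congruent to $-k$ times the previous one ($k = 2$ for 7, $k = 9$ for 13), so the reduction tracks divisibility and not the remainder itself.

```python
def digits_low_to_high(a):
    """Decimal digits a_0, a_1, ... of a nonnegative integer, least significant first."""
    return [int(ch) for ch in reversed(str(a))]


def residues_from_digits(a):
    """a mod m for m in {2, 3, 5, 9, 11}, computed from the digits only (Theorem 16.1)."""
    d = digits_low_to_high(a)
    alternating = sum(x if i % 2 == 0 else -x for i, x in enumerate(d))
    return {
        2: d[0] % 2,
        5: d[0] % 5,
        3: sum(d) % 3,
        9: sum(d) % 9,
        11: alternating % 11,   # Python's % maps a negative sum into 0..10
    }


MULTIPLIER = {7: 2, 13: 9}      # the constants 2 and 9 of Theorem 17.1


def reduction_steps(a, m):
    """Values obtained by repeatedly replacing a = 10c + a_0 with c - k*a_0.

    Stops once the value is below 100, as in the two worked examples of the text.
    """
    k = MULTIPLIER[m]
    steps = [a]
    while steps[-1] >= 100:
        c, a0 = divmod(steps[-1], 10)
        steps.append(c - k * a0)
    return steps


def divisible_by_test(a, m):
    """Decide m | a (m = 7 or 13) from the last value of the reduction."""
    return reduction_steps(a, m)[-1] % m == 0


def steps_scale_by_minus_k(a, m):
    """Check that each step is congruent to -k times the previous value mod m."""
    k = MULTIPLIER[m]
    s = reduction_steps(a, m)
    return all((s[i + 1] + k * s[i]) % m == 0 for i in range(len(s) - 1))


if __name__ == "__main__":
    print(residues_from_digits(1457))
    print(reduction_steps(2481, 7), divisible_by_test(2481, 7))
    print(reduction_steps(12987, 13), divisible_by_test(12987, 13))
```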



Chapter 18 

More Properties of 
Congruences 

Theorem 18.1. Let $m \ge 2$. If a and m are relatively prime, there exists a
unique integer $a^*$ such that $aa^* \equiv 1 \pmod{m}$ and $0 < a^* < m$.

We call $a^*$ the inverse of a modulo m. Note that we do not denote $a^*$ by
$a^{-1}$ since this might cause some confusion. Of course, if $c \equiv a^* \pmod{m}$
then $ac \equiv 1 \pmod{m}$ so $a^*$ is not unique unless we specify that $0 < a^* < m$.

Proof. If $\gcd(a, m) = 1$, then by Bezout's Lemma there exist s and t such
that

$$as + mt = 1.$$

Hence

$$as - 1 = m(-t),$$

that is, $m \mid as - 1$ and so $as \equiv 1 \pmod{m}$. Let $a^* = s \bmod m$. Then
$a^* \equiv s \pmod{m}$ so $aa^* \equiv 1 \pmod{m}$ and clearly $0 < a^* < m$.

To show uniqueness assume that $ac \equiv 1 \pmod{m}$ and $0 < c < m$. Then
$ac \equiv aa^* \pmod{m}$. So if we multiply both sides of this congruence on the
left by c and use the fact that $ca \equiv 1 \pmod{m}$ we obtain $c \equiv a^* \pmod{m}$.
It follows from Exercise 15.5 that $c = a^*$. □

Remark 18.1. From the above proof we see that Blankinship's Method may
be used to compute the inverse of a when it exists, but for small m we may
often find $a^*$ by "trial and error." For example, if $m = 15$ take $a = 2$. Then
we can check each element 0, 1, 2, . . . , 14:

$2 \cdot 0 \not\equiv 1 \pmod{15}$

$2 \cdot 1 \not\equiv 1 \pmod{15}$

$2 \cdot 2 \not\equiv 1 \pmod{15}$

$2 \cdot 3 \not\equiv 1 \pmod{15}$

$2 \cdot 4 \not\equiv 1 \pmod{15}$

$2 \cdot 5 \not\equiv 1 \pmod{15}$

$2 \cdot 6 \not\equiv 1 \pmod{15}$

$2 \cdot 7 \not\equiv 1 \pmod{15}$

$2 \cdot 8 \equiv 1 \pmod{15}$ since $15 \mid 16 - 1$.

So we can take $2^* = 8$.
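The proof of Theorem 18.1 is constructive: any s with $as + mt = 1$ gives $a^* = s \bmod m$. The sketch below is an added example, not from the original text; it finds s with the iterative extended Euclidean algorithm (not the matrix layout of Blankinship's Method) and compares it with the trial-and-error search of Remark 18.1. The function names are chosen here for illustration.

```python
def bezout(a, m):
    """Return (g, s, t) with g = gcd(a, m) >= 0 and a*s + m*t == g."""
    old_r, r = a, m
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        # Invariant on every row: a*old_s + m*old_t == old_r and a*s + m*t == r.
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:               # normalise the sign so that g is nonnegative
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t


def inverse_mod(a, m):
    """Return a* with a*a* = 1 (mod m) and 0 < a* < m, as in Theorem 18.1."""
    if m < 2:
        raise ValueError("Theorem 18.1 assumes m >= 2")
    g, s, _ = bezout(a, m)
    if g != 1:
        # No inverse exists when a and m share a factor (Theorem 18.2).
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {g}")
    return s % m                # a* = s mod m, exactly as in the proof


def inverse_by_trial(a, m):
    """Trial and error as in Remark 18.1: first c in 0..m-1 with m | a*c - 1."""
    for c in range(m):
        if (a * c - 1) % m == 0:
            return c
    return None                 # a is not a unit modulo m


if __name__ == "__main__":
    print(bezout(2, 15))        # coefficients s, t with 2s + 15t = 1
    print(inverse_mod(2, 15), inverse_by_trial(2, 15))
```

Trial and error costs up to m multiplications, while the Euclidean computation needs a number of steps proportional to the number of digits of m, which is what makes inverses modulo very large m practical.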

Exercise 18.1. Show that the inverse of 2 modulo 7 is not the inverse of 2 
modulo 15. 

Theorem 18.2. Let $m > 0$. If $ab \equiv 1 \pmod{m}$ then both a and b are
relatively prime to m.

Proof. If $ab \equiv 1 \pmod{m}$, then $m \mid ab - 1$. So $ab - 1 = mt$ for some t.
Hence,

$$ab + m(-t) = 1.$$

By Exercise 9.2 on page 30, this implies that $\gcd(a, m) = 1$ and $\gcd(b, m) = 1$,
as claimed. □

Corollary 18.1. a has an inverse modulo m if and only if a and m are 
relatively prime. 

Theorem 18.3 (Cancellation). Let $m > 0$ and assume that $\gcd(c, m) = 1$.
Then

$$(*) \quad ca \equiv cb \pmod{m} \Rightarrow a \equiv b \pmod{m}.$$

Proof. If $\gcd(c, m) = 1$, there is an integer $c^*$ such that $c^*c \equiv 1 \pmod{m}$.
Now since $c^* \equiv c^* \pmod{m}$ and $ca \equiv cb \pmod{m}$, by Theorem 15.3, p. 61,

$$c^*ca \equiv c^*cb \pmod{m}.$$

But $c^*c \equiv 1 \pmod{m}$ so

$$c^*ca \equiv a \pmod{m}$$

and

$$c^*cb \equiv b \pmod{m}.$$

By reflexivity and transitivity this yields

$$a \equiv b \pmod{m}.$$

□

Exercise 18.2. Find specific positive integers a, b, c and m such that
$c \not\equiv 0 \pmod{m}$, $\gcd(c, m) > 0$, and $ca \equiv cb \pmod{m}$, but $a \not\equiv b \pmod{m}$.

Although (*) above is not generally true when $\gcd(c, m) > 1$, we do have
the following more general kinds of "cancellation:"

Theorem 18.4. If $c > 0$, $m > 0$ then

$$a \equiv b \pmod{m} \iff ca \equiv cb \pmod{cm}.$$

Exercise 18.3. Prove Theorem 18.4.

Theorem 18.5. Let $m > 0$ and let $d = \gcd(c, m)$. Then

$$ca \equiv cb \pmod{m} \Rightarrow a \equiv b \pmod{\tfrac{m}{d}}.$$

Proof. Since $d = \gcd(c, m)$ we can write $c = d\left(\frac{c}{d}\right)$ and $m = d\left(\frac{m}{d}\right)$. Then
$\gcd\left(\frac{c}{d}, \frac{m}{d}\right) = 1$. Now rewriting $ca \equiv cb \pmod{m}$ we have

$$d\,\frac{c}{d}\,a \equiv d\,\frac{c}{d}\,b \pmod{d\,\tfrac{m}{d}}.$$

Since $m > 0$, $d > 0$, so by Theorem 18.4 we have

$$\frac{c}{d}\,a \equiv \frac{c}{d}\,b \pmod{\tfrac{m}{d}}.$$

Now since $\gcd\left(\frac{c}{d}, \frac{m}{d}\right) = 1$, by Theorem 18.3

$$a \equiv b \pmod{\tfrac{m}{d}}.$$

□

Theorem 18.6. If $m > 0$ and $a \equiv b \pmod{m}$ we have

$$\gcd(a, m) = \gcd(b, m).$$

Proof. Since $a \equiv b \pmod{m}$ we have $a - b = mt$ for some t. So we can write

(1) $a = mt + b$

and

(2) $b = m(-t) + a$.

Let $d = \gcd(m, a)$ and $e = \gcd(m, b)$. Since $e \mid m$ and $e \mid b$, from (1) $e \mid a$ so
e is a common divisor of m and a. Hence $e \le d$. Using (2) we see similarly
that $d \le e$. So $d = e$. □

Corollary 18.2. Let $m > 0$. Let $a \equiv b \pmod{m}$. Then a has an inverse
modulo m if and only if b does.

Proof. Immediate from Theorems 18.1, 18.2 and 18.6. □

Exercise 18.4. Determine whether or not each of the following is true. Give
reasons in each case.

(1) $x \equiv 3 \pmod{7} \Rightarrow \gcd(x, 7) = 1$

(2) $\gcd(68019, 3) = 3$

(3) $12x \equiv 15 \pmod{35}$ $4x \equiv 5 \pmod{7}$

(4) $x \equiv 6 \pmod{12} \Rightarrow \gcd(x, 12) = 6$

(5) $3x \equiv 3y \pmod{17} \Rightarrow x \equiv y \pmod{17}$

(6) $5x \equiv y \pmod{6} \Rightarrow 15x \equiv 3y \pmod{18}$

(7) $12x \equiv 12y \pmod{15} \Rightarrow x \equiv y \pmod{5}$

(8) $x \equiv 73 \pmod{75} \Rightarrow x \bmod 75 = 73$

(9) $x \equiv 73 \pmod{75}$ and $0 \le x < 75 \Rightarrow x = 73$

(10) There is no integer x such that

$$12x \equiv 7 \pmod{33}.$$



Chapter 19 
Residue Classes 



Definition 19.1. Let $m > 0$ be given. For each integer a we define

(1) $[a] = \{x : x \equiv a \pmod{m}\}$.

In other words, [a] is the set of all integers that are congruent to a modulo
m. We call [a] the residue class of a modulo m. Some people call [a] the
congruence class or equivalence class of a modulo m.

Theorem 19.1. For $m > 0$ we have

(2) $[a] = \{mq + a \mid q \in \mathbb{Z}\}$.

Proof. $x \in [a] \iff x \equiv a \pmod{m} \iff m \mid x - a \iff x - a = mq$ for some
$q \in \mathbb{Z} \iff x = mq + a$ for some $q \in \mathbb{Z}$. So (2) follows from the definition
(1). □

Note that [a] really depends on m and it would be more accurate to write
$[a]_m$ instead of [a], but this would be too cumbersome. Nevertheless it should
be kept clearly in mind that [a] depends on some understood value of m.

Remark 19.1. Two alternative ways to write (2) are

(3) $[a] = \{mq + a \mid q = 0, \pm 1, \pm 2, \dots\}$

or

(4) $[a] = \{\dots, -2m + a, -m + a, a, m + a, 2m + a, \dots\}$.

Exercise 19.1. Show that if $m = 2$ then [1] is the set of all odd integers and
[0] is the set of all even integers. Show also that $\mathbb{Z} = [0] \cup [1]$ and $[0] \cap [1] = \emptyset$.

Exercise 19.2. Show that if $m = 3$, then [0] is the set of integers divisible
by 3, [1] is the set of integers whose remainder when divided by 3 is 1, and
[2] is the set of integers whose remainder when divided by 3 is 2. Show also
that $\mathbb{Z} = [0] \cup [1] \cup [2]$ and $[0] \cap [1] = [0] \cap [2] = [1] \cap [2] = \emptyset$.

Theorem 19.2. For a given modulus $m > 0$ we have:

$$[a] = [b] \iff a \equiv b \pmod{m}.$$

Proof. "$\Rightarrow$" Assume [a] = [b]. Note that since $a \equiv a \pmod{m}$ we have
$a \in [a]$. Since [a] = [b] we have $a \in [b]$. By definition of [b] this gives
$a \equiv b \pmod{m}$, as desired.

"$\Leftarrow$" Assume $a \equiv b \pmod{m}$. We must prove that the sets [a] and [b] are
equal. To do this we prove that every element of [a] is in [b] and vice-versa.
Let $x \in [a]$. Then $x \equiv a \pmod{m}$. Since $a \equiv b \pmod{m}$, by transitivity
$x \equiv b \pmod{m}$ so $x \in [b]$. Conversely, if $x \in [b]$, then $x \equiv b \pmod{m}$. By
symmetry since $a \equiv b \pmod{m}$, $b \equiv a \pmod{m}$, so again by transitivity
$x \equiv a \pmod{m}$ and $x \in [a]$. This proves that [a] = [b]. □

Theorem 19.3. Given $m > 0$. For every a there is a unique r such that

$$[a] = [r] \text{ and } 0 \le r < m.$$

Proof. Let $r = a \bmod m$. Then by Exercise 15.1 (p. 59) we have
$a \equiv r \pmod{m}$. By definition of $a \bmod m$ we have $0 \le r < m$. Since
$a \equiv r \pmod{m}$, by Theorem 19.2, [a] = [r]. To prove that r is unique, suppose
also $[a] = [r']$ where $0 \le r' < m$. By Theorem 19.2 this implies that
$a \equiv r' \pmod{m}$. This, together with $0 \le r' < m$, implies by Theorem 15.4 that
$r' = a \bmod m = r$. □

Theorem 19.4. Given $m > 0$, there are exactly m distinct residue classes
modulo m, namely,

$$[0], [1], [2], \dots, [m-1].$$

Proof. By Theorem 19.3 we know that every residue class [a] is equal to one
of the residue classes: $[0], [1], \dots, [m-1]$. So there are no residue classes
not in this list. These residue classes are distinct by the uniqueness part of
Theorem 19.3, namely if $0 \le r_1 < m$ and $0 \le r_2 < m$ and $[r_1] = [r_2]$, then
by the uniqueness part of Theorem 19.3 we must have $r_1 = r_2$. □

Exercise 19.3. Given the modulus $m > 0$ show that $[a] = [a + m]$ and
$[a] = [a - m]$ for all a.

Exercise 19.4. For any $m > 0$, show that if $x \in [a]$ then $[a] = [x]$.

Definition 19.2. Any element $x \in [a]$ is said to be a representative of the
residue class [a].

By Exercise 19.4 if x is a representative of [a] then [x] = [a], that is, any
element of a residue class may be used to represent it.

Exercise 19.5. For any $m > 0$, show that if $[a] \cap [b] \ne \emptyset$ then [a] = [b].

Exercise 19.6. For any $m > 0$, show that if $[a] \ne [b]$ then $[a] \cap [b] = \emptyset$.

Exercise 19.7. Let $m = 2$. Show that

[0] = [2] = [4] = [32] = [-2] = [-32]

[1] = [3] = [-3] = [31] = [-31].

Chapter 20



$\mathbb{Z}_m$ and Complete Residue Systems

Throughout this section we assume a fixed modulus $m > 0$.

Definition 20.1. We define

$$\mathbb{Z}_m = \{[a] \mid a \in \mathbb{Z}\},$$

that is, $\mathbb{Z}_m$ is the set of all residue classes modulo m. We call $\mathbb{Z}_m$ the ring
of integers modulo m. In the next chapter we shall show how to add and
multiply residue classes. This makes $\mathbb{Z}_m$ into a ring. See Appendix A for
the definition of ring. Often we drop the ring and just call $\mathbb{Z}_m$ the integers
modulo m. From Theorem 19.4

$$\mathbb{Z}_m = \{[0], [1], \dots, [m-1]\}$$

and since no two of the residue classes $[0], [1], \dots, [m-1]$ are equal we see
that $\mathbb{Z}_m$ has exactly m elements. By Exercise 19.4 if we choose

$$a_0 \in [0], \; a_1 \in [1], \; \dots, \; a_{m-1} \in [m-1]$$

then

$$[a_0] = [0], \; [a_1] = [1], \; \dots, \; [a_{m-1}] = [m-1].$$

So we also have

$$\mathbb{Z}_m = \{[a_0], [a_1], \dots, [a_{m-1}]\}.$$

Example 20.1. If $m = 4$ we have, for example,

$$8 \in [0], \; 5 \in [1], \; -6 \in [2], \; 11 \in [3].$$

And hence:

$$\mathbb{Z}_4 = \{[8], [5], [-6], [11]\}.$$

Definition 20.2. A set of m integers

$$\{a_0, a_1, \dots, a_{m-1}\}$$

is called a complete residue system modulo m if

$$\mathbb{Z}_m = \{[a_0], [a_1], \dots, [a_{m-1}]\}.$$

Remark 20.1. A complete residue system modulo m is sometimes called a
complete set of representatives for $\mathbb{Z}_m$.

Example 20.2. By Theorem 19.4, p. 76, for $m > 0$

$$\{0, 1, 2, \dots, m-1\}$$

is a complete residue system modulo m.

Example 20.3. From the above discussion it is clear that for each $m > 0$
there are infinitely many distinct complete residue systems modulo m. For
example, here are some examples of complete residue systems modulo 5:

1. {0, 1, 2, 3, 4}

2. {0, 1, 2, -2, -1}

3. {10, -9, 12, 8, 14}

4. $\{0 + 5n_1, 1 + 5n_2, 2 + 5n_3, 3 + 5n_4, 4 + 5n_5\}$ where $n_1, n_2, n_3, n_4, n_5$ may
be any integers.

Definition 20.3. The set $\{0, 1, \dots, m-1\}$ is called the set of least nonnegative
residues modulo m.

Theorem 20.1. Let $m > 0$ be given.

(1) If $m = 2k$, then

$$\{0, 1, 2, \dots, k-1, k, -(k-1), \dots, -2, -1\}$$

is a complete residue system modulo m.

(2) If $m = 2k + 1$, then

$$\{0, 1, 2, \dots, k, -k, \dots, -2, -1\}$$

is a complete residue system modulo m.

Proof of (1). Since if $m = 2k$

$$\mathbb{Z}_m = \{[0], [1], \dots, [k], [k+1], \dots, [k+i], \dots, [k+k-1]\},$$

it suffices to note that by Exercise 19.3 we have

$$[k+i] = [k+i-2k] = [-k+i] = [-(k-i)].$$

So

$$[k+1] = [-(k-1)], \; [k+2] = [-(k-2)], \; \dots, \; [k+k-1] = [-1],$$

as desired. □

Proof of (2). In this case

$$[k+i] = [-(2k+1)+k+i] = [-k+i-1] = [-(k-i+1)]$$

so

$$[k+1] = [-k], \; [k+2] = [-(k-1)], \; \dots, \; [2k] = [-1],$$

as desired. □

Definition 20.4. The complete residue system modulo m given in Theorem
20.1 is called the least absolute residue system modulo m.

Remark 20.2. If one chooses in each residue class [a] the smallest nonnegative
integer one obtains the least nonnegative residue system. If one chooses
in each residue class [a] an element of smallest possible absolute value one
obtains the least absolute residue system.

Exercise 20.1. Find both the least nonnegative residue system and the least
absolute residues for each of the moduli given below. Also, in each case find
a third complete residue system different from these two.

m = 3, m = 4, m = 5, m = 6, m = 7, m = 8.



Chapter 21 

Addition and Multiplication in $\mathbb{Z}_m$

In this chapter we show how to define addition and multiplication of residue
classes modulo m. With respect to these binary operations $\mathbb{Z}_m$ is a ring as
defined in Appendix A.

Definition 21.1. For $[a], [b] \in \mathbb{Z}_m$ we define

$$[a] + [b] = [a + b]$$

and

$$[a][b] = [ab].$$

Example 21.1. For $m = 5$ we have

$$[2] + [3] = [5],$$

and

$$[2][3] = [6].$$

Note that since $5 \equiv 0 \pmod{5}$ and $6 \equiv 1 \pmod{5}$ we have [5] = [0] and
[6] = [1] so we can also write

[2] + [3] = [0]
[2][3] = [1].

Since a residue class can have many representatives, it is important to
check that the rules given in Definition 21.1 do not depend on the representatives
chosen. For example, when $m = 5$ we know that

[7] = [2] and [11] = [21]

so we should have

[7] + [11] = [2] + [21]

and

[7][11] = [2][21].

In this case we can check that

[7] + [11] = [18] and [2] + [21] = [23].

Now $23 \equiv 18 \pmod{5}$ since $5 \mid 23 - 18$. Hence [18] = [23], as desired. Also
[7][11] = [77] and [2][21] = [42]. Then 77 - 42 = 35 and $5 \mid 35$ so
$77 \equiv 42 \pmod{5}$ and hence [77] = [42], as desired.

Theorem 21.1. For any modulus $m > 0$ if [a] = [b] and [c] = [d] then

$$[a] + [c] = [b] + [d]$$

and

$$[a][c] = [b][d].$$

Proof. (This follows immediately from Theorem 15.3 (p. 61) and Theorem
19.2 (p. 76).) □

Exercise 21.1. Prove Theorem 21.1.

When performing addition and multiplication in $\mathbb{Z}_m$ using the rules in
Definition 21.1, due to Theorem 21.1, we may at any time replace [a] by [a']
if $a \equiv a' \pmod{m}$. This will sometimes make calculations easier.

Example 21.2. Take $m = 151$. Then $150 \equiv -1 \pmod{151}$ and
$149 \equiv -2 \pmod{151}$, so

[150][149] = [-1][-2] = [2]

and

[150] + [149] = [-1] + [-2] = [-3] = [148]

since $148 \equiv -3 \pmod{151}$.



When working with $\mathbb{Z}_m$ it is often useful to write all residue classes in
the least nonnegative residue system, as we do in constructing the following
addition and multiplication tables for $\mathbb{Z}_4$.

     +  | [0]  [1]  [2]  [3]
    ----+--------------------
    [0] | [0]  [1]  [2]  [3]
    [1] | [1]  [2]  [3]  [0]
    [2] | [2]  [3]  [0]  [1]
    [3] | [3]  [0]  [1]  [2]

     ·  | [0]  [1]  [2]  [3]
    ----+--------------------
    [0] | [0]  [0]  [0]  [0]
    [1] | [0]  [1]  [2]  [3]
    [2] | [0]  [2]  [0]  [2]
    [3] | [0]  [3]  [2]  [1]



Recall that by Exercise 15.1 (p. 59) we have for all a and $m > 0$

$$a \equiv a \bmod m \pmod{m}.$$

So using residue classes modulo m this gives

$$[a] = [a \bmod m].$$

Hence,

$$[a] + [b] = [(a + b) \bmod m]$$
$$[a][b] = [(ab) \bmod m]$$

So if a and b are in the set $\{0, 1, \dots, m-1\}$, these equations give us a
way to obtain representations of the sum and product of [a] and [b] in the
same set. This leads to an alternative way to define $\mathbb{Z}_m$ and addition and
multiplication in $\mathbb{Z}_m$. For clarity we will use different notation.

Definition 21.2. For $m > 0$ define

$$J_m = \{0, 1, 2, \dots, m-1\}$$

and for $a, b \in J_m$ define

$$a \oplus b = (a + b) \bmod m$$
$$a \odot b = (ab) \bmod m.$$

Remark 21.1. $J_m$ with $\oplus$ and $\odot$ as defined is isomorphic to $\mathbb{Z}_m$ with addition
and multiplication given by Definition 21.1. [Students taking Elementary
Abstract Algebra will learn a rigorous definition of the term isomorphic. For
now, we take "isomorphic" to mean "has the same form."] The addition and
multiplication tables for $J_4$ are:

     ⊕ | 0  1  2  3
    ---+------------
     0 | 0  1  2  3
     1 | 1  2  3  0
     2 | 2  3  0  1
     3 | 3  0  1  2

     ⊙ | 0  1  2  3
    ---+------------
     0 | 0  0  0  0
     1 | 0  1  2  3
     2 | 0  2  0  2
     3 | 0  3  2  1



Exercise 21.2. Prove that for every modulus $m > 0$ we have for all $a, b \in J_m$

$$[a] + [b] = [a \oplus b],$$

and

$$[a][b] = [a \odot b].$$

Exercise 21.3. Construct addition and multiplication tables for $J_5$.

Exercise 21.4. Without doing it, tell how to obtain addition and multiplication
tables for $\mathbb{Z}_5$ from the work in Exercise 21.3.

Example 21.3. Let's solve the congruence

(1) $272x \equiv 901 \pmod{9}$.

Using residue classes modulo 9 we see that (1) is equivalent to

(2) $[272x] = [901]$

which is equivalent to

(3) $[272][x] = [901]$

which is equivalent to

(4) $[2][x] = [1]$.

Now we know $[x] \in \{[0], [1], \dots, [8]\}$ so by trial and error we see that $x = 5$
is a solution.



Chapter 22 
The Groups $U_m$

Definition 22.1. Let $m > 0$. A residue class $[a] \in \mathbb{Z}_m$ is called a unit if
there is another residue class $[b] \in \mathbb{Z}_m$ such that [a][b] = [1]. In this case [a]
and [b] are said to be inverses of each other in $\mathbb{Z}_m$.

Theorem 22.1. Let $m > 0$. A residue class $[a] \in \mathbb{Z}_m$ is a unit if and only
if $\gcd(a, m) = 1$.

Proof. Let [a] be a unit. Then there is some [b] such that [a][b] = [1]. Hence
[ab] = [1] so $ab \equiv 1 \pmod{m}$. So by Theorem 18.2, p. 72, $\gcd(a, m) = 1$.

To prove the converse, let $\gcd(a, m) = 1$. Then by Theorem 18.1, page
71, there is an integer $a^*$ such that $aa^* \equiv 1 \pmod{m}$. Hence, $[aa^*] = [1]$. So
$[a][a^*] = [aa^*] = [1]$, and we can take $b = a^*$. □

Note that from Theorem 18.6 we see that if [a] = [b] (i.e., $a \equiv b \pmod{m}$)
then $\gcd(a, m) = 1 \iff \gcd(b, m) = 1$. So in checking whether or not a residue
class is a unit we can use any representative of the class.

Exercise 22.1. Show that [1] and [m - 1] are always units in $\mathbb{Z}_m$. Hint:
[m - 1] = [-1].

Definition 22.2. The set of all units in $\mathbb{Z}_m$ is denoted by $U_m$ and is called
the group of units of $\mathbb{Z}_m$. See Appendix A for the definition of a group.

Theorem 22.2. Let $m > 0$, then

$$U_m = \{[i] \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}.$$

Proof. We know that if $[a] \in \mathbb{Z}_m$ then [a] = [i] where $0 \le i \le m - 1$. If
$m = 1$ then $\mathbb{Z}_m = \mathbb{Z}_1 = \{[0]\} = \{[1]\}$ and since [1][1] = [1], [1] is a unit,
$U_1 = \{[1]\}$ and the theorem holds. If $m \ge 2$, then $\gcd(i, m) = 1$ can only
happen if $1 \le i \le m - 1$, since $\gcd(0, m) = \gcd(m, m) = m \ne 1$. So the
theorem follows from Theorem 22.1 and the above remarks. □

Theorem 22.3. ($U_m$ is a group¹ under multiplication.)

(1) If $[a], [b] \in U_m$ then $[a][b] \in U_m$.

(2) For all [a], [b], [c] in $U_m$ we have ([a][b])[c] = [a]([b][c]).

(3) [1][a] = [a][1] = [a] for all $[a] \in U_m$.

(4) For each $[a] \in U_m$ there is a $[b] \in U_m$ such that [a][b] = [1].

(5) For all $[a], [b] \in U_m$ we have [a][b] = [b][a].

Exercise 22.2. Prove Theorem 22.3.

Example 22.1. Using Theorem 22.2 we see that

$U_{15}$ = {[1], [2], [4], [7], [8], [11], [13], [14]}
       = {[1], [2], [4], [7], [-7], [-4], [-2], [-1]}.

Note that using absolute least residue modulo 15 simplifies multiplication
somewhat. Rather than write out the entire multiplication table, we just find
the inverse of each element of $U_{15}$:

[1][1] = [1]
[2][-7] = [2][8] = [1]
[4][4] = [1]
[7][-2] = [7][13] = [1]
[-4][-4] = [11][11] = [1]
[-1][-1] = [14][14] = [1].

Exercise 22.3. Find the elements of $U_7$ in both least nonnegative and absolute
least residue form and find the inverse of each element, as in the example
above.

¹ Actually (1)-(4) are all that is required for $U_n$ to be a group. Property (5) says that
$U_n$ is an Abelian group. See Appendix A.

Definition 22.3. If X is a set, the number of elements in X is denoted by
|X|.

Example 22.2. |{1}| = 1, |{0, 1, 3, 9}| = 4, $|\mathbb{Z}_m| = m$ if $m > 0$.

Definition 22.4. If $m \ge 1$,

$$\phi(m) = |\{i \in \mathbb{Z} \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}|.$$

The function $\phi$ is called the Euler phi function or the Euler totient function.

Corollary 22.1. If $m > 0$,

$$|U_m| = \phi(m).$$

Note that

$U_1$ = {[1]} so $\phi(1) = 1$

$U_2$ = {[1]} so $\phi(2) = 1$

$U_3$ = {[1], [2]} so $\phi(3) = 2$

$U_4$ = {[1], [3]} so $\phi(4) = 2$

$U_5$ = {[1], [2], [3], [4]} so $\phi(5) = 4$

$U_6$ = {[1], [5]} so $\phi(6) = 2$

$U_7$ = {[1], [2], [3], [4], [5], [6]} so $\phi(7) = 6$.

Generally $\phi(m)$ is not easy to calculate. However, the following theorems
show that once the prime factorization of m is given, computing $\phi(m)$ is easy.

Theorem 22.4. If $a > 0$ and $b > 0$ and $\gcd(a, b) = 1$, then

$$\phi(ab) = \phi(a)\phi(b).$$

Theorem 22.5. If p is prime and $n > 0$ then

$$\phi(p^n) = p^n - p^{n-1}.$$

Theorem 22.6. Let $p_1, p_2, \dots, p_k$ be distinct primes and let $n_1, n_2, \dots, n_k$ be
positive integers, then

$$\phi\left(p_1^{n_1} p_2^{n_2} \cdots p_k^{n_k}\right) = \left(p_1^{n_1} - p_1^{n_1 - 1}\right) \cdots \left(p_k^{n_k} - p_k^{n_k - 1}\right).$$

Before discussing the proofs of these three theorems, let's illustrate their
use:

$\phi(12) = \phi(2^2 \cdot 3) = (2^2 - 2^1)(3^1 - 3^0) = 2 \cdot 2 = 4$

$\phi(9000) = \phi(2^3 \cdot 5^3 \cdot 3^2) = (2^3 - 2^2)(5^3 - 5^2)(3^2 - 3^1) = 4 \cdot 100 \cdot 6 = 2400$.

Note that if p is any prime then

$$\phi(p) = p - 1.$$

I will sketch a proof of Theorem 22.4 in Exercise 22.6 below. Now I give
the proof of Theorem 22.5.

Proof of Theorem 22.5. We want to count the number of elements in the
set $A = \{1, 2, \dots, p^n\}$ that are relatively prime to $p^n$. Let B be the set of
elements of A that have a factor > 1 in common with $p^n$. Note that if $b \in B$
and $\gcd(b, p^n) = d > 1$, then d is a factor of $p^n$ and $d > 1$ so d has p as a
factor. Hence $b = pk$, for some k, and $p \le b \le p^n$, so $p \le kp \le p^n$. It follows
that $1 \le k \le p^{n-1}$. That is,

$$B = \{p, 2p, 3p, \dots, kp, \dots, p^{n-1}p\}.$$

We are interested in the number of elements of A not in B. Since $|A| = p^n$
and $|B| = p^{n-1}$, this number is $p^n - p^{n-1}$. That is, $\phi(p^n) = p^n - p^{n-1}$. □

The proof of Theorem 22.6 follows from Theorems 22.4 and 22.5. The
proof is by induction on n and is quite similar to the proof of Theorem 13.1
(2) on page 50, so I omit the details.

Exercise 22.4. Find the sets $U_m$, for $8 \le m \le 20$. Note that $|U_m| = \phi(m)$.
Use Theorem 22.6 to calculate $\phi(m)$ and check that you have the
right number of elements for each set $U_m$, $8 \le m \le 20$.

Exercise 22.5. Show that if

$$m = p_1^{n_1} p_2^{n_2} \cdots p_k^{n_k}$$

where $p_1, \dots, p_k$ are distinct primes and each $n_i \ge 1$, then



Exercise 22.6. Let $a$ and $b$ be relatively prime positive integers. Write 
$n = ab$. Define the mapping $f$ by the rule 

$$f([x]_n) = ([x]_a, [x]_b).$$

Here we denote the residue class of $x$ modulo $m$ by $[x]_m$. First illustrate each 
of the following for the special case $a = 3$ and $b = 5$. Then prove each in 
general. (The proof is difficult and is optional.) 

1. $f : \mathbb{Z}_n \to \mathbb{Z}_a \times \mathbb{Z}_b$ is one-to-one and onto. (This is called the Chinese 
Remainder Theorem.) 

2. $f : U_n \to U_a \times U_b$ is also a one-to-one, onto mapping. 

3. Conclude from (2) that $\phi(ab) = \phi(a)\phi(b)$. 

Chapter 23 

Two Theorems of Euler and Fermat 

Fermat's Big Theorem or, as it is also called, Fermat's Last Theorem states 
that $x^n + y^n = z^n$ has no solutions in positive integers $x, y, z$ when $n > 2$. 
This was proved by Andrew Wiles in 1995 over 350 years after it was first 
mentioned by Fermat. The theorem that concerns us in this chapter is Fermat's 
Little Theorem. This theorem is much easier to prove, but has more 
far reaching consequences for applications to cryptography and secure 
transmission of data on the Internet. The first theorem below is a generalization 
of Fermat's Little Theorem due to Euler. 

Theorem 23.1 (Euler's Theorem). If $m > 0$ and $a$ is relatively prime to 
$m$ then 

$$a^{\phi(m)} \equiv 1 \pmod{m}.$$

Theorem 23.2 (Fermat's Little Theorem). If $p$ is prime and $a$ is relatively 
prime to $p$ then 

$$a^{p-1} \equiv 1 \pmod{p}.$$

Let's look at some examples. Take $m = 12$ then 

$$\phi(m) = \phi(2^2 \cdot 3) = (2^2 - 2)(3 - 1) = 4.$$

The positive integers $a < m$ with $\gcd(a, m) = 1$ are 1, 5, 7 and 11. 

$1^4 \equiv 1 \pmod{12}$ is clear 

$5^2 \equiv 1 \pmod{12}$ since $12 \mid 25 - 1$ 

$\therefore\ (5^2)^2 \equiv 1^2 \pmod{12}$ 
$\therefore\ 5^4 \equiv 1 \pmod{12}$. 

Now $7 \equiv -5 \pmod{12}$ and since 4 is even 

$7^4 \equiv 5^4 \pmod{12}$ 
$\therefore\ 7^4 \equiv 1 \pmod{12}$. 

$11 \equiv -1 \pmod{12}$ and again since 4 is even we have 

$$11^4 \equiv (-1)^4 \pmod{12}$$

and 

$$11^4 \equiv 1 \pmod{12}.$$

So we have verified Theorem 23.1 for the single case $m = 12$. 

Exercise 23.1. Verify that Theorem 23.2 holds if $p = 5$ by direct calculation 
as in the above example. 

Definition 23.1. (Powers of residue classes.) If $[a] \in U_m$ define $[a]^1 = [a]$ 
and for $n > 1$, $[a]^n = [a][a] \cdots [a]$ where there are $n$ copies of $[a]$ on the right. 

Theorem 23.3. If $[a] \in U_m$, then $[a]^n \in U_m$ for $n \ge 1$ and $[a]^n = [a^n]$. 

Proof. We prove that $[a]^n = [a^n] \in U_m$ for $n \ge 1$ by induction on $n$. 
If $n = 1$, $[a]^1 = [a] = [a^1]$ and by assumption $[a] \in U_m$. Suppose 

$$[a]^k = [a^k] \in U_m$$

for some $k \ge 1$. Then 

$[a]^{k+1} = [a]^k [a]$ 
$= [a^k][a]$ by the induction hypothesis 
$= [a^k a]$ by Definition 21.1, p. 83 
$= [a^{k+1}]$ since $a^k a = a^{k+1}$. 



So by the PMI, the theorem holds for $n \ge 1$. □ 

Note that for fixed $m > 0$ if $\gcd(a, m) = 1$ then $[a] \in U_m$. And using 
Theorem 23.3 we have 

$$a^n \equiv 1 \pmod{m} \iff [a^n] = [1] \iff [a]^n = [1].$$

It follows that Euler's Theorem (Theorem 23.1) is equivalent to the 
following theorem. 

Theorem 23.4. If $m > 0$ and $[a] \in U_m$ then 

$$[a]^{\phi(m)} = [1].$$

A proof of Theorem 23.4 is outlined in the following exercise. 

Exercise 23.2 (Optional). Let $U_m = \{X_1, X_2, \dots, X_{\phi(m)}\}$. Here we write 
$X_i$ for a residue class in $U_m$ to simplify notation. 

1. Show that if $X \in U_m$ then 

$$\{XX_1, XX_2, \dots, XX_{\phi(m)}\} = U_m.$$

2. Show that if $X \in U_m$ then 

$$XX_1 XX_2 \cdots XX_{\phi(m)} = X_1 X_2 \cdots X_{\phi(m)}.$$

3. Let $A = X_1 X_2 \cdots X_{\phi(m)}$. Show that if $X \in U_m$ then $X^{\phi(m)} A = A$. 

4. Conclude from (3) that $X^{\phi(m)} = [1]$ and hence Theorem 23.4 is true. 

Also Theorem 23.4 is an easy consequence of Lagrange's Theorem, which 
students who take (or have taken) a course in abstract algebra will learn 
about (or will already know). 

Exercise 23.3. Show that Fermat's Little Theorem follows from Euler's 
Theorem. 

Exercise 23.4. Show that if $p$ is prime then $a^p \equiv a \pmod{p}$ for all integers 
$a$. Hint: Consider two cases: I. $\gcd(a, p) = 1$ and II. $\gcd(a, p) > 1$. Note 
that in the second case $p \mid a$. 

Exercise 23.5. Let $m > 0$. Let $\gcd(a, m) = 1$. Show that 
inverse for $a$ modulo $m$. (See Theorem 18.1, p. 71.) 

Exercise 23.6. For all $a \in \{1, 2, 3, 4, 5, 6\}$ find the inverse $a^*$ of $a$ modulo 7 
by use of Exercise 23.5. Choose $a^*$ in each case so that $1 \le a^* \le 6$. 

Example 23.1. Note that Fermat's Little Theorem can be used to simplify 
the computation of $a^n \bmod p$ where $p$ is prime. Recall that if $a^n \equiv r \pmod{p}$ 
where $0 \le r < p$, then $a^n \bmod p = r$. We can do two things to simplify the 
computation: 

(1) Replace $a$ by $a \bmod p$. 

(2) Replace $n$ by $n \bmod (p - 1)$. 

Suppose we want to calculate 

$$1234^{7865435} \bmod 11.$$

Note that $1234 \equiv -1 + 2 - 3 + 4 \pmod{11}$, that is, $1234 \equiv 2 \pmod{11}$. Since 
$\gcd(2, 11) = 1$ we have $2^{10} \equiv 1 \pmod{11}$. Now $7865435 = (786543) \cdot 10 + 5$ 
so 

$2^{7865435} \equiv 2^{(786543) \cdot 10 + 5} \pmod{11}$ 
$\equiv (2^{10})^{786543} \cdot 2^5 \pmod{11}$ 
$\equiv 1^{786543} \cdot 2^5 \pmod{11}$ 
$\equiv 2^5 \pmod{11}$, 

and $2^5 = 32 \equiv 10 \pmod{11}$. Hence, 

$$1234^{7865435} \equiv 10 \pmod{11}.$$

It follows that 

$$1234^{7865435} \bmod 11 = 10.$$

Exercise 23.7. Use the technique in the above example to calculate 

$$28^{1202} \bmod 13.$$

[Here you cannot use the mod 11 trick, of course.] 



Chapter 24 

Probabilistic Primality Tests 



According to Fermat's Little Theorem, if $p$ is prime and $1 \le a \le p - 1$, then 

$$a^{p-1} \equiv 1 \pmod{p}.$$

The converse is also true in the following sense: 

Theorem 24.1. If $m > 2$ and for all $a$ such that $1 \le a \le m - 1$ we have 

$$a^{m-1} \equiv 1 \pmod{m}$$

then $m$ must be prime. 

Proof. If the hypothesis holds, then for all $a$ with $1 \le a \le m - 1$, we know 
that $a$ has an inverse modulo $m$, namely, $a^{m-2}$ is an inverse for $a$ modulo $m$. 
By Theorem 18.2, this says that for $1 \le a \le m - 1$, $\gcd(a, m) = 1$. But if $m$ 
were not prime, then we would have $m = ab$ with $1 < a < m$, $1 < b < m$. 
Then $\gcd(a, m) = a > 1$, a contradiction. So $m$ must be prime. □ 

Using the above theorem to check that $p$ is prime we would have to check 
that $a^{p-1} \equiv 1 \pmod{p}$ for $a = 1, 2, 3, \dots, p - 1$. This is a lot of work. 

Suppose we just know that $2^{m-1} \equiv 1 \pmod{m}$ for some $m > 2$. Must $m$ be 
prime? Unfortunately, the answer is no. The smallest composite $m$ satisfying 
$2^{m-1} \equiv 1 \pmod{m}$ is $m = 341$. 

Exercise 24.1. Use Maple (or do it by hand and/or calculator) to verify 
that $2^{340} \equiv 1 \pmod{341}$ and that 341 is not prime. 

The moral is that even if $2^{m-1} \equiv 1 \pmod{m}$, the number $m$ need not be 
prime. 

On the other hand, consider the case of $m = 63$. Note that 

$$2^6 = 64 \equiv 1 \pmod{63}.$$

Hence, $2^6 \equiv 1 \pmod{63}$. Raising both sides to the 10th power we have 

$$2^{60} \equiv 1 \pmod{63}.$$

Then multiplying both sides by $2^2$ we get 

$$2^{62} \equiv 4 \pmod{63}$$

since 

$$4 \not\equiv 1 \pmod{63}$$

we have 

$$2^{62} \not\equiv 1 \pmod{63}.$$

This tells us that 63 is not prime, without factoring 63. We emphasize that 
in general if $2^{m-1} \not\equiv 1 \pmod{m}$ then we can be sure that $m$ is not prime. 

FACT. There are 455,052,511 odd primes $p < 10^{10}$, all of which satisfy 
$2^{p-1} \equiv 1 \pmod{p}$. There are only 14,884 composite numbers $2 < m < 10^{10}$ 
that satisfy $2^{m-1} \equiv 1 \pmod{m}$. Thus, if $2 < m < 10^{10}$ and $m$ satisfies 
$2^{m-1} \equiv 1 \pmod{m}$, the probability $m$ is prime is 

$$\frac{455{,}052{,}511}{455{,}052{,}511 + 14{,}884} \approx .999967292.$$

In other words, if you find that $2^{m-1} \equiv 1 \pmod{m}$, then it is highly likely 
(but not a certainty) that $m$ is prime, at least when $m < 10^{10}$. Thus the 
following Maple procedure will almost always give the correct answer: 

> is_prob_prime:=proc(n) 
    if n <= 1 or Power(2,n-1) mod n <> 1 then 
      return "not prime"; 
    else 
      return "probably prime"; 
    end if; 
  end proc: 

Note that the Maple command Power(a,n-1) mod n is an efficient way 
to compute $a^{n-1} \bmod n$. We discuss this in more detail later. The procedure 
is_prob_prime(n) just defined returns "probably prime" if $2^{n-1} \bmod n = 1$ 
and "not prime" if $n \le 1$ or if $2^{n-1} \bmod n \ne 1$. If the answer is "not prime", 
then we know definitely that $n$ is not prime. If the answer is "probably 
prime", we know that there is a very small probability that $n$ is not prime. 

In practice, there are better probabilistic primality tests than that 
mentioned above. For more details see, for example, "Elementary Number 
Theory," Fourth Edition, by Kenneth Rosen. 

The built-in Maple procedure isprime is a very sophisticated probabilistic 
primality test. The command isprime(n) returns false if $n$ is not prime 
and returns true if $n$ is probably prime. So far no one has found an integer 
$n$ for which isprime(n) gives the wrong answer. 

One might ask what happens if we use 3 instead of 2 in the above 
probabilistic primality test. Or, better yet, what if we evaluate $a^{m-1} \bmod m$ for 
several different values of $a$. 

Consider the following data: 

The number of primes $< 10^6$ is 78,498. 

The number of composite numbers $m < 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ 
is 245. 

The number of composite numbers $m < 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ 
and $3^{m-1} \equiv 1 \pmod{m}$ is 66. 

The number of composite numbers $m < 10^6$ such that $a^{m-1} \equiv 1 \pmod{m}$ 
for $a \in \{2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41\}$ is 0. 

Thus, we have the following result: 

If $m < 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, 
then $m$ is prime. 

The above results for $m < 10^6$ were found using Maple. 

If $m > 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, 
it is highly likely, but not certain, that $m$ is prime. Actually the primality 
test isprime that is built into Maple uses a somewhat different idea. 

Exercise 24.2. Use Maple to show that 

(1) $3^{90} \equiv 1 \pmod{91}$, but 91 is not prime. 

(2) $2^{m-1} \equiv 1 \pmod{m}$ and $3^{m-1} \equiv 1 \pmod{m}$ for $m = 1105$, but 1105 is 
not prime. 

[Hints. Note that $a^n \equiv 1 \pmod{m} \iff a^n \bmod m = 1$. In Maple, $3^{90}$ 
is written 3^90 and $3^{90} \bmod 91$ is written 3^90 mod 91. A faster way to 
compute $a^n \bmod m$ in Maple is to use the command Power(a,n) mod m. 
Recall that ifactor(m) is the command to factor $m$.] 
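The Python sketch below is an added example, not the Maple procedure from the text. It runs the test of this chapter with one or several bases and lists the composite numbers that are wrongly reported as "probably prime". The function names and the trial-division ground truth are choices made here; the bases are assumed to be primes.

```python
def fermat_test(m, bases=(2,)):
    """The test of this chapter with several bases (assumed to be primes).

    "not prime" is always correct; "probably prime" can be wrong.
    """
    if m < 2:
        return "not prime"
    for a in bases:
        if a % m == 0:
            # A prime base that m divides means m == a, so it tells us nothing.
            continue
        if pow(a, m - 1, m) != 1:
            return "not prime"
    return "probably prime"

def is_prime(m):
    """Ground truth by trial division, adequate for the small ranges used here."""
    if m < 2:
        return False
    d = 2
    while d * d <= m:
        if m % d == 0:
            return False
        d += 1
    return True

def fooled_by(bases, limit):
    """Composite m < limit that the test with these bases calls "probably prime"."""
    return [m for m in range(2, limit)
            if fermat_test(m, bases) == "probably prime" and not is_prime(m)]

def witnesses(m, bases):
    """Bases a with a^(m-1) mod m != 1, each of which proves m is not prime."""
    return [a for a in bases if a % m != 0 and pow(a, m - 1, m) != 1]

# The 11 bases listed in the chapter's data for m < 10^6.
CHAPTER_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41)

if __name__ == "__main__":
    print(fooled_by((2,), 2000))             # starts with 341
    print(fooled_by((2, 3), 2000))           # adding base 3 removes most of them
    print(witnesses(1105, CHAPTER_BASES))    # only bases sharing a factor with 1105
```

For 1105 the only bases that expose it are the ones that divide it, which is why adding more bases helps less than one might hope for numbers of this kind.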



Chapter 25 

The Base b Representation of n 



Definition 25.1. Let $b \ge 2$ and $n > 0$. We write 

(1) $n = [a_k, a_{k-1}, \dots, a_1, a_0]_b$ 

if and only if for some $k \ge 0$ 

$$n = a_k b^k + a_{k-1} b^{k-1} + \cdots + a_1 b + a_0$$

where $a_i \in \{0, 1, \dots, b - 1\}$ for $i = 0, 1, \dots, k$. $[a_k, a_{k-1}, \dots, a_1, a_0]_b$ is called a 
base $b$ representation of $n$. 

Remark 25.1. Base $b$ is called 

binary if $b = 2$, 

ternary if $b = 3$, 

octal if $b = 8$, 

decimal if $b = 10$, 

hexadecimal if $b = 16$. 

If $b$ is understood, especially if $b = 10$, we write $a_k a_{k-1} \cdots a_1 a_0$ in place of 
$[a_k, a_{k-1}, \dots, a_1, a_0]_{10}$. In the case of $b = 16$, which is used frequently in 
computer science, the "digits" 10, 11, 12, 13, 14 and 15 are replaced by A, 
B, C, D, E and F, respectively. 

For a fixed base $b \ge 2$, the numbers $a_i \in \{0, 1, 2, \dots, b - 1\}$ in equation 
(1) are called the digits of the base $b$ representation of $n$. In the binary case 
$a_i \in \{0, 1\}$ and the $a_i$'s are called bits (binary digits). 

Here are a few examples: 

(1) $267 = [5, 3, 1]_7$ 

since $267 = 5 \cdot 7^2 + 3 \cdot 7 + 1$. 

(2) $147 = [1, 0, 0, 1, 0, 0, 1, 1]_2$ 

since $147 = 1 \cdot 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2 + 1$. 

(3) $4879 = [4, 8, 7, 9]_{10}$ 

since $4879 = 4 \cdot 10^3 + 8 \cdot 10^2 + 7 \cdot 10 + 9$. 

(4) $10705679 = [A, 3, 5, B, 0, F]_{16}$ 

since $10705679 = 10 \cdot 16^5 + 3 \cdot 16^4 + 5 \cdot 16^3 + 11 \cdot 16^2 + 0 \cdot 16 + 15$. 

(5) $107056791 = [107, 56, 791]_{1000}$ 

since $107056791 = 107 \cdot 1000^2 + 56 \cdot 1000 + 791$. 

Theorem 25.1. If $b \ge 2$, then every $n > 0$ has a unique base $b$ representation 
of the form $n = [a_k, \dots, a_1, a_0]_b$ with $a_k > 0$. 

Proof. Apply repeatedly the Division Algorithm as follows: 

$n = bq_0 + r_0$, $0 \le r_0 < b$ 
$q_0 = bq_1 + r_1$, $0 \le r_1 < b$ 
$q_1 = bq_2 + r_2$, $0 \le r_2 < b$ 
$\vdots$ 
$q_{k-1} = bq_k + r_k$, $0 \le r_k < b$ 
$q_k = bq_{k+1} + r_{k+1}$, $0 \le r_{k+1} < b$. 

It is easy to see that if $q_k > 0$: 

$$n > q_0 > q_1 > \cdots > q_k.$$

Since this cannot go on forever we eventually obtain $q_\ell = 0$ for some $\ell$. Then 
we have 

$$q_{\ell-1} = b \cdot 0 + r_\ell.$$

I claim that $n = [r_\ell, r_{\ell-1}, \dots, r_0]_b$ if $\ell$ is the smallest integer such that $q_\ell = 0$. 
To see this, note that 

$$n = bq_0 + r_0$$

and 

$$q_0 = bq_1 + r_1.$$

Hence 

$n = b(bq_1 + r_1) + r_0$ 
$n = b^2 q_1 + br_1 + r_0$. 

Continuing in this way we find that 

$$n = b^{\ell+1} q_\ell + b^\ell r_\ell + \cdots + br_1 + r_0.$$

And, since $q_\ell = 0$ we have 

(*) $n = b^\ell r_\ell + \cdots + br_1 + r_0$, 

which shows that 

$$n = [r_\ell, \dots, r_1, r_0]_b.$$

To see that this representation is unique, note that from (*) we have 

$$n = b\left(b^{\ell-1} r_\ell + \cdots + r_1\right) + r_0, \quad 0 \le r_0 < b.$$

By the Division Algorithm it follows that $r_0$ is uniquely determined by $n$, 
as is the quotient $q_0 = b^{\ell-1} r_\ell + \cdots + r_1$. A similar argument shows that $r_1$ 
is uniquely determined. Continuing in this way we see that all the digits 
$r_\ell, r_{\ell-1}, \dots, r_0$ are uniquely determined. □ 

Example 25.1. 

(1) We find the base 7 representation of 1,749. 

$1749 = 249 \cdot 7 + 6$ 
$249 = 35 \cdot 7 + 4$ 
$35 = 5 \cdot 7 + 0$ 
$5 = 0 \cdot 7 + 5$ 

Hence $1749 = [5, 0, 4, 6]_7$. 

(2) We find the base 12 representation of 19,151. 

$19{,}151 = 1595 \cdot 12 + 11$ 
$1{,}595 = 132 \cdot 12 + 11$ 
$132 = 11 \cdot 12 + 0$ 
$11 = 0 \cdot 12 + 11$ 

$\therefore\ 19{,}151 = [11, 0, 11, 11]_{12}$. 

(3) Find the base 10 representation of 1,203. 

$1203 = 120 \cdot 10 + 3$ 
$120 = 12 \cdot 10 + 0$ 
$12 = 1 \cdot 10 + 2$ 
$1 = 0 \cdot 10 + 1$ 

$\therefore\ 1203 = [1, 2, 0, 3]_{10}$. 

(4) Find the base 2 (binary) representation of 137. 

$137 = 2 \cdot 68 + 1$ 
$68 = 2 \cdot 34 + 0$ 
$34 = 2 \cdot 17 + 0$ 
$17 = 2 \cdot 8 + 1$ 
$8 = 2 \cdot 4 + 0$ 
$4 = 2 \cdot 2 + 0$ 
$2 = 2 \cdot 1 + 0$ 
$1 = 2 \cdot 0 + 1$ 

$\therefore\ 137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$. 

Exercise 25.1. Generalize the following observations 

$3 = [1, 1]_2$ 
$7 = [1, 1, 1]_2$ 
$15 = [1, 1, 1, 1]_2$ 
$31 = [1, 1, 1, 1, 1]_2$ 
$63 = [1, 1, 1, 1, 1, 1]_2$ 

Prove your generalization. [HINT: See Exercise 2.5 on page 6.] 

Exercise 25.2. Generalize the following observation: 

$8 = [2, 2]_3$ 
$26 = [2, 2, 2]_3$ 
$80 = [2, 2, 2, 2]_3$ 
$242 = [2, 2, 2, 2, 2]_3$ 

Prove your generalization. [HINT: See Exercise 2.5 on page 6.] 

Exercise 25.3. Generalize Exercises 25.1 and 25.2 to an arbitrary base $b \ge 2$. 

Remark 25.2. To find the binary representation of a small number, the 
following method is often easier than the above method: 

Given $n > 0$ let $2^{n_1}$ be the largest power of 2 satisfying $2^{n_1} \le n$. Let $2^{n_2}$ 
be the largest power of 2 satisfying 

$$2^{n_2} \le n - 2^{n_1}.$$

Let $2^{n_3}$ be the largest power of 2 satisfying 

$$2^{n_3} \le n - 2^{n_1} - 2^{n_2}.$$

Note that at this point we have 

$$0 \le n - (2^{n_1} + 2^{n_2} + 2^{n_3}) < n - (2^{n_1} + 2^{n_2}) < n - 2^{n_1} < n.$$

Continuing in this way, eventually we get 

$$0 = n - (2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}).$$

Then $n = 2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}$, and this gives the binary representation of $n$. 

Example 25.2. Take $n = 137$. Note that $2^1 = 2$, $2^2 = 4$, $2^3 = 8$, $2^4 = 16$, 
$2^5 = 32$, $2^6 = 64$, $2^7 = 128$, and $2^8 = 256$. Using the above method we 
compute: 

$137 - 2^7 = 137 - 128 = 9$, 
$9 - 2^3 = 1$, 
$1 - 2^0 = 0$. 

So we have 

$137 = 2^7 + 9 = 2^7 + 2^3 + 1$, 
$\therefore\ 137 = 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 0 \cdot 2^4 + 2^3 + 0 \cdot 2^2 + 0 \cdot 2 + 1$. 

So $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$. 

Exercise 25.4. Show how to use both methods to find the binary 
representation of 455. 

Exercise 25.5. Make a vertical list of the binary representation of the 
integers 1 to 16. 



Chapter 26 

Computation of $a^N \bmod m$ 

Let's first consider the question: What is the smallest number of 
multiplications required to compute $a^N$ where $N$ is any positive integer? 

Suppose we want to calculate $2^8$. One way is to perform the following 7 
multiplications: 

$2^2 = 2 \cdot 2 = 4$ 

$2^3 = 2 \cdot 4 = 8$ 

$2^4 = 2 \cdot 8 = 16$ 

$2^5 = 2 \cdot 16 = 32$ 

$2^6 = 2 \cdot 32 = 64$ 

$2^7 = 2 \cdot 64 = 128$ 

$2^8 = 2 \cdot 128 = 256$ 

But we can do it in only 3 multiplications: 

$2^2 = 2 \cdot 2 = 4$ 

$2^4 = (2^2)^2 = 4 \cdot 4 = 16$ 

$2^8 = (2^4)^2 = 16 \cdot 16 = 256$ 

In general, using the method: 

$$a^2 = a \cdot a,\ a^3 = a^2 \cdot a,\ a^4 = a^3 \cdot a,\ \dots,\ a^n = a^{n-1} \cdot a$$

requires $n - 1$ multiplications to compute $a^n$. 

On the other hand if $n = 2^k$ then we can compute $a^n$ by successive 
squaring with only $k$ multiplications: 

$a^2 = a \cdot a$ 

$a^{2^2} = (a^2)^2 = a^2 \cdot a^2$ 

$a^{2^3} = (a^{2^2})^2 = a^{2^2} \cdot a^{2^2}$ 

$\vdots$ 

$a^{2^k} = (a^{2^{k-1}})^2 = a^{2^{k-1}} \cdot a^{2^{k-1}}$ 

Note that the fact that 

$$2^k = (2^{k-1}) \cdot 2 = 2^{k-1} + 2^{k-1}$$

together with the Laws of Exponents: 

$$(a^n)^m = a^{nm}$$

and 

$$a^n \cdot a^m = a^{n+m}$$

is what makes this method work. Note that if $n = 2^k$ then $k$ is generally a 
lot smaller than $n - 1$. For example, 

$$1024 = 2^{10}$$

and 10 is quite a bit smaller than 1023. 

If $n$ is not a power of 2 we can use the following method to compute $a^n$. 

The Binary Method for Exponentiation. Let $n$ be a positive integer. 
Let $x$ be any real number. This is a method for computing $x^n$. 

Step 1. Find the binary representation 

$$n = [a_r, a_{r-1}, \dots, a_0]_2$$

for $n$. 

Step 2. Compute the powers 

$$x^2,\ x^{2^2},\ x^{2^3},\ \dots,\ x^{2^r}$$

by successive squaring as shown above. 

Step 3. Compute the product 

$$x^n = x^{a_r 2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}.$$

[Note each $a_i$ is 0 or 1, so all needed factors were obtained in Step 2.] 

Example 26.1. Let's compute $3^{15}$. Note that $15 = 2^3 + 2^2 + 2 + 1 = 
[1, 1, 1, 1]_2$. So this takes care of Step 1. For Step 2, we note that 

$3^2 = 3 \cdot 3 = 9$ 

$3^{2^2} = 9 \cdot 9 = 81$ 

$3^{2^3} = 81 \cdot 81 = 6561$ 

So $3^{15} = 3^{2^3} \cdot 3^{2^2} \cdot 3^2 \cdot 3^1$. For this we need 3 multiplications: 

$3 \cdot 3^2 = 3 \cdot 9 = 27$ 
$(3 \cdot 3^2) \cdot 3^{2^2} = 27 \cdot 81 = 2187$ 
$(3 \cdot 3^2 \cdot 3^{2^2}) \cdot 3^{2^3} = 2187 \cdot 6561 = 14348907$ 

So we have 

$$3^{15} = 14348907.$$

Note that we have used just 6 multiplications, which is less than the 14 it 
would take if we used the naive method. Let's not forget that some additional 
effort was needed to compute the binary representation of 15, but not much. 

Theorem 26.1. Computing $x^n$ using the binary method requires $\lfloor \log_2(n) \rfloor$ 
applications of the Division Algorithm and at most $2\lfloor \log_2(n) \rfloor$ multiplications. 

Proof. If $n = [a_r, \dots, a_0]_2$, $a_r = 1$, then $n = 2^r + \cdots + a_1 2 + a_0$. Hence 

(*) $2^r \le n \le 2^r + 2^{r-1} + \cdots + 2 + 1 = 2^{r+1} - 1 < 2^{r+1}$. 

Since $\log_2(2^x) = x$ and when $0 < a < b$ we have $\log_2(a) < \log_2(b)$, we have 
from (*) that 

$$\log_2(2^r) \le \log_2(n) < \log_2(2^{r+1})$$

or 

$$r \le \log_2(n) < r + 1.$$

Hence $r = \lfloor \log_2(n) \rfloor$. Note that $r$ is the number of times we need to apply 
the Division Algorithm to obtain the binary representation $n = [a_r, \dots, a_0]_2$, 
$a_r = 1$. To compute the powers $x, x^2, x^{2^2}, \dots, x^{2^r}$ by successive squaring 
requires $r = \lfloor \log_2(n) \rfloor$ multiplications and similarly to compute the product 

$$x^{a_r 2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}$$

requires $r$ multiplications. So after obtaining the binary representation we 
need at most $2r = 2\lfloor \log_2(n) \rfloor$ multiplications. □ 



Use of a calculator to compute $\log_2(x)$: To find $\log_2(x)$ one may use 
the formula 

$$\log_2(x) = \frac{\ln(x)}{\ln(2)}$$

or 

$$\log_2(x) \approx \frac{\ln(x)}{0.69314718}$$

where $\ln(x)$ is the natural logarithm of $x$. For small values of $x$ it is sometimes 
faster to use the fact that $r = \lfloor \log_2(x) \rfloor$ is equivalent to 

$$2^r \le x < 2^{r+1},$$

that is, $r$ is the largest positive integer such that $2^r \le x$. The Maple command 
for $\log_2(x)$ is log[2](x). 

Note that if we count an application of the Division Algorithm and a 
multiplication as the same, the above tells us that we need at most $3\lfloor \log_2(n) \rfloor$ 
operations to compute $x^n$. So, for example, if $n = 10^6$, then it is easy to see 
that $3\lfloor \log_2(n) \rfloor = 57$. So we may compute $x^{1,000,000}$ with only 57 operations. 

Exercise 26.1. Calculate $3\lfloor \log_2(n) \rfloor$ for $n = 2{,}000{,}000$. 

Exercise 26.2. Use the binary method to compute $2^{25}$. 

Exercise 26.3. Approximately how many operations would be required to 
compute $2^n$ when $n = 10^{100}$? Explain. 

Exercise 26.4. Note that 6 multiplications are used to compute $3^{15}$ using 
the binary method. Show that one can compute $3^{15}$ with fewer than 6 
multiplications. [You will have to experiment.] 

Computing $a^n \bmod m$. We use the binary method for exponentiation 
with the added trick that after every multiplication we reduce modulo $m$, 
that is, we divide by $m$ and take the remainder. This keeps the products 
from getting too big. 

Example 26.2. We compute $3^{15} \bmod 10$: 

$3^2 = 3 \cdot 3 = 9 \equiv 9 \pmod{10}$ 
$3^4 = 9 \cdot 9 = 81 \equiv 1 \pmod{10}$ 
$3^8 \equiv 1 \cdot 1 \equiv 1 \pmod{10}$ 
$\therefore\ 3^{15} = 3^8 \cdot 3^4 \cdot 3^2 \cdot 3^1 \equiv 1 \cdot 1 \cdot 9 \cdot 3 = 27 \equiv 7 \pmod{10}$. 

Note that $3^{15} \equiv 7 \pmod{10}$ implies that $3^{15} \bmod 10 = 7$. [Recall that on 
page 109 we calculated that $3^{15} = 14348907$ which is clearly congruent to 
7 mod 10, but the multiplications were not so easy.] 

Example 26.3. Let's find $2^{644} \bmod 645$. It is easy to see that 

$$644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]_2.$$

That is, $644 = 2^9 + 2^7 + 2^2 = 512 + 128 + 4$. Now by successive squaring and 
reducing modulo 645 we get 

$2^2 = 2 \cdot 2 = 4 \equiv 4 \pmod{645}$ 
$2^4 \equiv 4 \cdot 4 = 16 \equiv 16 \pmod{645}$ 
$2^8 \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$ 
$2^{16} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$ 
$2^{32} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$ 
$2^{64} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$ 
$2^{128} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$ 
$2^{256} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$ 
$2^{512} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$. 

Now 

$$2^{644} = 2^{512} \cdot 2^{128} \cdot 2^4$$

hence 

$$2^{644} \equiv 256 \cdot 391 \cdot 16 \pmod{645}.$$

So 

$$256 \cdot 391 = 100096 \equiv 121 \pmod{645}$$

and 

$$121 \cdot 16 = 1936 \equiv 1 \pmod{645}$$

so we have $2^{644} \equiv 1 \pmod{645}$. Hence $2^{644} \bmod 645 = 1$. 
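The Python sketch below is an added example, not part of the original text. It finds base b digits by repeated division as in the proof of Theorem 25.1, then follows Steps 1 to 3 of the binary method, reducing modulo m after every multiplication when m is given, and counts the multiplications so the bound of Theorem 26.1 can be checked. The function names are chosen here for illustration.

```python
def digits(n, b):
    """Base-b digits [a_k, ..., a_1, a_0] of n > 0 by repeated division (Theorem 25.1)."""
    if n <= 0 or b < 2:
        raise ValueError("need n > 0 and b >= 2")
    out = []
    while n > 0:
        n, r = divmod(n, b)      # one application of the Division Algorithm
        out.append(r)
    return out[::-1]

def binary_power(x, n, m=None):
    """x**n by the binary method; with m given, reduce modulo m after each product.

    Returns (value, number of multiplications used).
    """
    bits = digits(n, 2)                          # Step 1: n = [a_r, ..., a_0]_2
    r = len(bits) - 1
    mults = 0

    def mul(u, v):
        nonlocal mults
        mults += 1
        return u * v if m is None else (u * v) % m

    powers = [x if m is None else x % m]         # powers[i] = x^(2^i)
    for _ in range(r):                           # Step 2: successive squaring
        powers.append(mul(powers[-1], powers[-1]))

    result = None
    for i, bit in enumerate(reversed(bits)):     # Step 3: bit i is a_i
        if bit:
            result = powers[i] if result is None else mul(result, powers[i])
    return result, mults

if __name__ == "__main__":
    print(digits(1749, 7), digits(644, 2))
    print(binary_power(3, 15))          # Example 26.1: value and multiplication count
    print(binary_power(2, 644, 645))    # Example 26.3
```

The number of multiplications in Step 3 depends on how many bits of the exponent are 1, which is why implementations that exponentiate with a secret exponent use constant-time variants instead of this direct form.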

Exercise 26.5. Calculate $2^{513} \bmod 10$. 

Exercise 26.6. Calculate $2^{517} \bmod 100$. 

Exercise 26.7. If you multiplied out $2^{517}$, how many decimal digits would 
you obtain? [See Exercise 4.3 on page 14.] 

Exercise 26.8. Note that on page 96 we calculated $1234^{7865435} \bmod 11$ with 
very few multiplications. Why can we not use that method to compute 

$1234^{7865435} \bmod m$ 



Chapter 27 

The RSA Scheme 



In this chapter we discuss the basis of the so-called RSA scheme. This is 
the most important example of a public key cryptographic scheme. The RSA 
scheme is due to R. Rivest, A. Shamir and L. Adleman 1 and was discovered 
by them in 1977. We show how to implement it in more detail later using 
Maple. Here we give the number-theoretic underpinning of the scheme. 

We assume that the message we wish to send has been converted to an 
integer in the set $J_m = \{0, 1, 2, \dots, m - 1\}$ where $m$ is some positive integer 
to be determined. Generally this is a large integer. We will require two 
functions: 

$E : J_m \to J_m$ (E for encipher) 

and 

$D : J_m \to J_m$ (D for decipher). 

To be able to use $D$ to decipher what $E$ has enciphered we need to have 
$D(E(x)) = x$ for all $x \in J_m$. To show how $m$, $E$, and $D$ are chosen we first 
prove a lemma: 

Lemma 27.1. Let $p$ and $q$ be any two distinct primes and let $m = pq$. Let 
$e$ and $d$ be any two positive integers which are inverses of each other modulo 
$\phi(m)$. Then 

$$x^{ed} \equiv x \pmod{m}$$

for all $x$. 

1 A copy of the paper "A Method for Obtaining Digital Signatures and Public-Key 
Cryptosystems" may be downloaded from http://citeseer.nj.nec.com/rivest78method.html 

Proof. By Theorem 22.6, $\phi(m) = (p - 1)(q - 1)$. Since $ed \equiv 1 \pmod{\phi(m)}$ 
we have $ed - 1 = k\phi(m) = k(p - 1)(q - 1)$ for some $k$. Note $k > 0$ unless 
$ed = 1$ in which case the theorem is obvious. So we have 

(*) $ed = k\phi(m) + 1 = k(p - 1)(q - 1) + 1$ 

for some $k > 0$. 

Now by Fermat's Little Theorem, if $\gcd(x, p) = 1$ we have $x^{p-1} \equiv 1 
\pmod{p}$ and raising both sides of the congruence to the power $(q - 1)k$ we 
obtain: 

$$x^{(p-1)(q-1)k} \equiv 1 \pmod{p}$$

and multiplying both sides by $x$ we have 

$$x^{(p-1)(q-1)k+1} \equiv x \pmod{p}.$$

That is, by (*) 

(**) $x^{ed} \equiv x \pmod{p}$. 

Now we proved (**) when $\gcd(x, p) = 1$, but if $\gcd(x, p) = p$ it is obvious 
since then $x \equiv 0 \pmod{p}$. So in all cases (**) holds. A similar argument 
proves that for all $x$ 

$$x^{ed} \equiv x \pmod{q}.$$

So by Exercise 15.11, page 63, we have since $\gcd(p, q) = 1$ 

$$x^{ed} \equiv x \pmod{m}$$

for all $x$. □ 

Theorem 27.1. Let $J_m = \{0, 1, 2, \dots, m - 1\}$ and define $E : J_m \to J_m$ by 

$$E(x) = x^e \bmod m$$

and $D : J_m \to J_m$ by 

$$D(x) = x^d \bmod m.$$

Then $E$ and $D$ are inverses of each other if $m$, $e$ and $d$ are as in Lemma 
27.1. 

Proof. It suffices to show that $D(E(x)) = x$ for all $x \in J_m$. Let $x \in J_m$ and 
let $E(x) = x^e \bmod m = r_1$. Also let $D(r_1) = r_1^d \bmod m = r_2$. We must show 
that $r_2 = x$. Since $x^e \bmod m = r_1$ we know that 

$$x^e \equiv r_1 \pmod{m}.$$

Hence $x^{ed} \equiv r_1^d \pmod{m}$. We also know that 

$$r_1^d \equiv r_2 \pmod{m}.$$

Hence $x^{ed} \equiv r_2 \pmod{m}$. By Lemma 27.1 $x^{ed} \equiv x \pmod{m}$ so we have 

$$x \equiv r_2 \pmod{m}.$$

Since both $x$ and $r_2$ are in $J_m$ we have by Exercise 15.5 that $x = r_2$. This 
completes the proof. □ 
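The Python sketch below is an added example, not the Maple worksheet code the text refers to. It builds E and D as in Theorem 27.1 from two small primes, checks D(E(x)) = x for every x in J_m (including the x that are not relatively prime to m), and shows the round trip failing when the two primes are not distinct, as Lemma 27.1 requires. The primes 61 and 53, the exponent 17 and the function names are constructed for illustration; the scheme is shown in its bare number-theoretic form.

```python
from math import gcd

def make_keys(p, q, e):
    """Return (m, e, d) as in Lemma 27.1; p and q are assumed to be prime."""
    if p == q:
        raise ValueError("Lemma 27.1 needs two distinct primes")
    m = p * q
    phi_m = (p - 1) * (q - 1)              # Theorem 22.6
    if gcd(e, phi_m) != 1:
        raise ValueError("e has no inverse modulo phi(m)")
    d = pow(e, -1, phi_m)                  # inverse of e modulo phi(m) (Python 3.8+)
    return m, e, d

def E(x, e, m):
    """Encipher: x^e mod m."""
    return pow(x, e, m)

def D(y, d, m):
    """Decipher: y^d mod m."""
    return pow(y, d, m)

def round_trip_failures(m, e, d):
    """All x in J_m = {0, ..., m-1} with D(E(x)) != x."""
    return [x for x in range(m) if D(E(x, e, m), d, m) != x]

if __name__ == "__main__":
    m, e, d = make_keys(61, 53, 17)        # constructed toy parameters
    print(m, e, d)
    print(round_trip_failures(m, e, d))    # empty: Theorem 27.1 holds on all of J_m

    # Not covered by the lemma: m = 3 * 3 = 9, phi(9) = 6, and e = d = 5
    # are inverses modulo 6, yet the multiples of 3 do not survive.
    print(round_trip_failures(9, 5, 5))
```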



More details on the use of the RSA scheme will be given in the Maple 
worksheets which are available from the course website which may be reached 
from my home page: http://www.math.usf.edu/~eclark. 

Appendix A 
Rings and Groups 



The material in this appendix is optional reading. However, for the sake 
of completeness we state here the definition of a ring and the definition of 
a group. If you are interested in learning more you might take the course 
Elementary Abstract Algebra. Having had this course should make it a little 
easier to understand the ideas in abstract algebra and vice versa. 

For more details you may download the free book Elementary Abstract 
Algebra from my homepage: 

http://www.math.usf.edu/~eclark 

Alternatively, look in almost any book whose title contains the words Abstract 
Algebra or Modern Algebra. Look for one with Introductory or Elementary 
in the title. 

Definition A.1. A ring is an ordered triple $(R, +, \cdot)$ where $R$ is a set and 
$+$ and $\cdot$ are binary operations on $R$ satisfying the following properties: 

A1 $a + (b + c) = (a + b) + c$ for all $a, b, c$ in $R$. 

A2 $a + b = b + a$ for all $a, b$ in $R$. 

A3 There is an element $0 \in R$ satisfying $a + 0 = a$ for all $a$ in $R$. 

A4 For every $a \in R$ there is an element $b \in R$ such that $a + b = 0$. 

M1 $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ for all $a, b, c$ in $R$. 

D1 $a \cdot (b + c) = a \cdot b + a \cdot c$ for all $a, b, c$ in $R$. 

D2 $(b + c) \cdot a = b \cdot a + c \cdot a$ for all $a, b, c$ in $R$. 

Thus, to describe a ring one must specify three things: 

1. a set, 

2. a binary operation on the set called multiplication, 

3. a binary operation on the set called addition. 

Then, one must verify that the properties above are satisfied. 

Example A.1. Here are some examples of rings. The two binary operations 
$+$ and $\cdot$ are in each case the ones that you are familiar with. 

1. $(\mathbb{R}, +, \cdot)$, the ring of real numbers. 

2. $(\mathbb{Q}, +, \cdot)$, the ring of rational numbers. 

3. $(\mathbb{Z}, +, \cdot)$, the ring of integers. 

4. $(\mathbb{Z}_n, +, \cdot)$, the ring of integers modulo $n$. 

5. $(M_n(\mathbb{R}), +, \cdot)$, the ring of all $n \times n$ matrices over $\mathbb{R}$. 

Definition A.2. A group is an ordered pair $(G, *)$ where $G$ is a set and $*$ 
is a binary operation on $G$ satisfying the following properties 

1. $x * (y * z) = (x * y) * z$ for all $x, y, z$ in $G$. 

2. There is an element $e \in G$ satisfying $e * x = x$ and $x * e = x$ for all $x$ 
in $G$. 

3. For each element $x$ in $G$ there is an element $y$ in $G$ satisfying $x * y = e$ 
and $y * x = e$. 

Definition A.3. A group $(G, *)$ is said to be Abelian if $x * y = y * x$ for all 
$x, y \in G$. 

Thus, to describe a group one must specify two things: 

1. a set, and 

2. a binary operation on the set. 

Then, one must verify that the binary operation is associative, that there is 
an identity in the set, and that every element in the set has an inverse. 

Example A.2. Here are some examples of groups. The binary operations 
are in each case the ones that you are familiar with. 

1. $(\mathbb{Z}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}$ is $-x$. 

2. $(\mathbb{Q}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Q}$ is $-x$. 

3. $(\mathbb{R}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{R}$ is $-x$. 

4. $(\mathbb{Q} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{Q} - \{0\}$ is 
$x^{-1}$. 

5. $(\mathbb{R} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{R} - \{0\}$ is 
$x^{-1}$. 

6. $(\mathbb{Z}_n, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}_n$ is $n - x$ if 
$x \ne 0$, the inverse of 0 is 0. 

7. $(U_n, \cdot)$ is a group with identity [1]. The inverse of $[a] \in U_n$ was shown 
to exist in Chapter 22. 

8. $(\mathbb{R}^n, +)$ where $+$ is vector addition. The identity is the zero vector 
$(0, 0, \dots, 0)$ and the inverse of the vector $x = (x_1, x_2, \dots, x_n)$ is the 
vector $-x = (-x_1, -x_2, \dots, -x_n)$. 

9. $(M_n(\mathbb{R}), +)$. This is the group of all $n \times n$ matrices over $\mathbb{R}$ and $+$ is 
matrix addition. 